DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562311220201350", "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1350)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-04-01T00:00:00", "modified": "2020-04-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201350", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["2020-1350", "https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1350"], "cvelist": ["CVE-2019-11050", "CVE-2019-19204", "CVE-2017-7272", "CVE-2019-11046", "CVE-2019-19246", "CVE-2019-16163", "CVE-2019-11045", "CVE-2019-11047"], "lastseen": "2020-04-07T16:58:33", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:3662"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-19204"]}, {"type": "amazon", "idList": ["ALAS-2020-1339", "ALAS2-2020-1380"]}, {"type": "cve", "idList": ["CVE-2017-7272", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2019-16163", "CVE-2019-19204", "CVE-2019-19246"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1490-1:AB1B2", "DEBIAN:DLA-1918-1:DAA1E", "DEBIAN:DLA-2020-1:A1433", "DEBIAN:DLA-2050-1:58506", "DEBIAN:DLA-2431-1:6BC5D", "DEBIAN:DLA-2431-1:BFD58", "DEBIAN:DLA-875-1:24A5F", "DEBIAN:DLA-875-1:2D95B", "DEBIAN:DSA-4626-1:0219B", "DEBIAN:DSA-4628-1:CE0DC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-7272", "DEBIANCVE:CVE-2019-11045", "DEBIANCVE:CVE-2019-11046", "DEBIANCVE:CVE-2019-11047", "DEBIANCVE:CVE-2019-11050", "DEBIANCVE:CVE-2019-16163", "DEBIANCVE:CVE-2019-19204", "DEBIANCVE:CVE-2019-19246"]}, {"type": "f5", "idList": ["F5:K44650157", "F5:K48866433", "F5:K50301222"]}, {"type": "fedora", "idList": ["FEDORA:4A107604B000", "FEDORA:735A760C4528", "FEDORA:A505E6077833", "FEDORA:B8072601EDCC", "FEDORA:E0B4F6075B3D", "FEDORA:E804C60D0D7B"]}, {"type": "githubexploit", "idList": ["5A04D6D2-E51F-5BDE-9CA2-9F014E08F974", "E86A4378-613C-533C-B33F-FAA34DAF8B59"]}, {"type": "hackerone", "idList": ["H1:805013"]}, {"type": "kitploit", "idList": ["KITPLOIT:938862157373904649"]}, {"type": "mageia", "idList": ["MGASA-2019-0412", "MGASA-2020-0029"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1380.NASL", "ALA_ALAS-2020-1339.NASL", "CENTOS8_RHSA-2020-3662.NASL", "DEBIAN_DLA-1490.NASL", "DEBIAN_DLA-1918.NASL", "DEBIAN_DLA-2020.NASL", "DEBIAN_DLA-2050.NASL", "DEBIAN_DLA-875.NASL", "DEBIAN_DSA-4626.NASL", "DEBIAN_DSA-4628.NASL", "EULEROS_SA-2019-2438.NASL", "EULEROS_SA-2019-2649.NASL", "EULEROS_SA-2020-1019.NASL", "EULEROS_SA-2020-1124.NASL", "EULEROS_SA-2020-1172.NASL", "EULEROS_SA-2020-1178.NASL", "EULEROS_SA-2020-1324.NASL", "EULEROS_SA-2020-1339.NASL", "EULEROS_SA-2020-1350.NASL", "EULEROS_SA-2020-1529.NASL", "EULEROS_SA-2020-1542.NASL", "EULEROS_SA-2020-1717.NASL", "EULEROS_SA-2020-1747.NASL", "EULEROS_SA-2020-2067.NASL", "EULEROS_SA-2020-2384.NASL", "FEDORA_2019-437D94E271.NASL", "FEDORA_2019-6A931C8EEC.NASL", "FEDORA_2019-73197FF9A0.NASL", "FEDORA_2019-A54A622670.NASL", "FEDORA_2019-D942ABD0D4.NASL", "FEDORA_2019-E4819C6510.NASL", "OPENSUSE-2020-80.NASL", "OPENSUSE-2021-1130.NASL", "OPENSUSE-2021-2575.NASL", "OPENSUSE-2021-2637.NASL", "OPENSUSE-2021-2795.NASL", "ORACLELINUX_ELSA-2020-3662.NASL", "PHOTONOS_PHSA-2019-2_0-0196_ONIGURUMA.NASL", "PHOTONOS_PHSA-2020-3_0-0047_ONIGURUMA.NASL", "PHP_7_2_26.NASL", "PHP_7_4_1.NASL", "REDHAT-RHSA-2020-3662.NASL", "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SUSE_SU-2017-1585-1.NASL", "SUSE_SU-2017-1709-1.NASL", "SUSE_SU-2020-0101-1.NASL", "SUSE_SU-2020-0267-1.NASL", "SUSE_SU-2020-0352-1.NASL", "SUSE_SU-2020-0522-1.NASL", "SUSE_SU-2020-14289-1.NASL", "SUSE_SU-2021-2564-1.NASL", "SUSE_SU-2021-2636-1.NASL", "SUSE_SU-2021-2637-1.NASL", "SUSE_SU-2021-2638-1.NASL", "SUSE_SU-2021-2795-1.NASL", "UBUNTU_USN-4239-1.NASL", "WEB_APPLICATION_SCANNING_98925", "WEB_APPLICATION_SCANNING_98926", "WEB_APPLICATION_SCANNING_98927"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108138", "OPENVAS:1361412562310108139", "OPENVAS:1361412562310143276", "OPENVAS:1361412562310143277", "OPENVAS:1361412562310143278", "OPENVAS:1361412562310143279", "OPENVAS:1361412562310704626", "OPENVAS:1361412562310704628", "OPENVAS:1361412562310844295", "OPENVAS:1361412562310853005", "OPENVAS:1361412562310877026", "OPENVAS:1361412562310877028", "OPENVAS:1361412562310877069", "OPENVAS:1361412562310877095", "OPENVAS:1361412562310877128", "OPENVAS:1361412562310877150", "OPENVAS:1361412562310890875", "OPENVAS:1361412562310891490", "OPENVAS:1361412562310891918", "OPENVAS:1361412562310892020", "OPENVAS:1361412562310892050", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562311220201019", "OPENVAS:1361412562311220201124", "OPENVAS:1361412562311220201172", "OPENVAS:1361412562311220201178", "OPENVAS:1361412562311220201324", "OPENVAS:1361412562311220201339", "OPENVAS:1361412562311220201529", "OPENVAS:1361412562311220201542", "OPENVAS:1361412562311220201717", "OPENVAS:1361412562311220201747"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3662"]}, {"type": "osv", "idList": ["OSV:DLA-1490-1", "OSV:DLA-1918-1", "OSV:DLA-2020-1", "OSV:DLA-2050-1", "OSV:DLA-2431-1", "OSV:DLA-2431-2", "OSV:DLA-875-1", "OSV:DSA-4626-1", "OSV:DSA-4628-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142013"]}, {"type": "photon", "idList": ["PHSA-2019-0036", "PHSA-2019-0196", "PHSA-2019-2.0-0196", "PHSA-2019-3.0-0036", "PHSA-2020-0047", "PHSA-2020-3.0-0047"]}, {"type": "redhat", "idList": ["RHSA-2020:3662", "RHSA-2020:5275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-7272", "RH:CVE-2019-11045", "RH:CVE-2019-11046", "RH:CVE-2019-11047", "RH:CVE-2019-11050", "RH:CVE-2019-16163", "RH:CVE-2019-19204", "RH:CVE-2019-19246"]}, {"type": "seebug", "idList": ["SSV:92911"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0080-1", "SUSE-SU-2017:1709-1"]}, {"type": "symantec", "idList": ["SMNTC-111239", "SMNTC-111241", "SMNTC-111242", "SMNTC-111314"]}, {"type": "ubuntu", "idList": ["USN-4239-1", "USN-4460-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-7272", "UB:CVE-2019-11045", "UB:CVE-2019-11046", "UB:CVE-2019-11047", "UB:CVE-2019-11050", "UB:CVE-2019-16163", "UB:CVE-2019-19204", "UB:CVE-2019-19246"]}, {"type": "veracode", "idList": ["VERACODE:21513", "VERACODE:28022", "VERACODE:28023", "VERACODE:28024", "VERACODE:28027"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:3662"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-19204"]}, {"type": "amazon", "idList": ["ALAS-2020-1339"]}, {"type": "cve", "idList": ["CVE-2017-7272"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1490-1:AB1B2", "DEBIAN:DLA-2431-1:BFD58"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-16163", "DEBIANCVE:CVE-2019-19204", "DEBIANCVE:CVE-2019-19246"]}, {"type": "f5", "idList": ["F5:K44650157", "F5:K48866433", "F5:K50301222"]}, {"type": "fedora", "idList": ["FEDORA:4A107604B000", "FEDORA:735A760C4528", "FEDORA:A505E6077833", "FEDORA:B8072601EDCC", "FEDORA:E0B4F6075B3D", "FEDORA:E804C60D0D7B"]}, {"type": "githubexploit", "idList": ["5A04D6D2-E51F-5BDE-9CA2-9F014E08F974", "E86A4378-613C-533C-B33F-FAA34DAF8B59"]}, {"type": "hackerone", "idList": ["H1:805013"]}, {"type": "kitploit", "idList": ["KITPLOIT:938862157373904649"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ALPINE-LINUX-CVE-2019-19246/", "MSF:ILITIES/CENTOS_LINUX-CVE-2019-19204/", "MSF:ILITIES/ORACLE_LINUX-CVE-2019-19204/", "MSF:ILITIES/REDHAT_LINUX-CVE-2019-19204/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1380.NASL", "ALA_ALAS-2020-1339.NASL", "EULEROS_SA-2020-1019.NASL", "FEDORA_2019-437D94E271.NASL", "FEDORA_2019-A54A622670.NASL", "OPENSUSE-2020-80.NASL", "PHOTONOS_PHSA-2019-2_0-0196_ONIGURUMA.NASL", "PHOTONOS_PHSA-2020-3_0-0047_ONIGURUMA.NASL", "PHP_7_2_26.NASL", "PHP_7_4_1.NASL", "REDHAT-RHSA-2020-3662.NASL", "SUSE_SU-2017-1709-1.NASL", "SUSE_SU-2020-0101-1.NASL", "SUSE_SU-2020-0267-1.NASL", "SUSE_SU-2020-0352-1.NASL", "SUSE_SU-2020-14289-1.NASL", "UBUNTU_USN-4239-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108138", "OPENVAS:1361412562310108139", "OPENVAS:1361412562310844295", "OPENVAS:1361412562310853005", "OPENVAS:1361412562310877095", "OPENVAS:1361412562310877128", "OPENVAS:1361412562310877150", "OPENVAS:1361412562310892050", "OPENVAS:1361412562311220201019"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3662"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142013"]}, {"type": "photon", "idList": ["PHSA-2019-2.0-0196", "PHSA-2019-3.0-0036", "PHSA-2020-3.0-0047"]}, {"type": "redhat", "idList": ["RHSA-2020:3662"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-11045", "RH:CVE-2019-11046", "RH:CVE-2019-11047", "RH:CVE-2019-16163", "RH:CVE-2019-19204"]}, {"type": "seebug", "idList": ["SSV:92911"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0080-1", "SUSE-SU-2017:1709-1"]}, {"type": "symantec", "idList": ["SMNTC-111239"]}, {"type": "ubuntu", "idList": ["USN-4239-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-11045", "UB:CVE-2019-11046", "UB:CVE-2019-11047", "UB:CVE-2019-11050", "UB:CVE-2019-16163", "UB:CVE-2019-19204", "UB:CVE-2019-19246"]}]}, "exploitation": null, "vulnersScore": -0.1}, "pluginID": "1361412562311220201350", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1350\");\n script_version(\"2020-04-03T06:07:41+0000\");\n script_cve_id(\"CVE-2017-7272\", \"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:07:41 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-01 13:54:33 +0000 (Wed, 01 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1350)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1350\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1350\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1350 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\nPHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1659875907}, "_internal": {"score_hash": "d2efb0beed88f38a6da7eaabe251b367"}}

{"openvas": [{"lastseen": "2020-03-04T16:49:46", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-25T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-19204", "CVE-2017-7272", "CVE-2019-11046", "CVE-2019-19246", "CVE-2019-16163", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-03-02T00:00:00", "id": "OPENVAS:1361412562311220201172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201172", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1172\");\n script_version(\"2020-03-02T09:20:48+0000\");\n script_cve_id(\"CVE-2017-7272\", \"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 09:20:48 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:50 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1172)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1172\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1172\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1172 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nPHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~7.2.10~1.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-31T16:29:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-27T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php7 (openSUSE-SU-2020:0080_1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310853005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853005", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853005\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:18:05 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for php7 (openSUSE-SU-2020:0080_1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0080-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7'\n package(s) announced via the openSUSE-SU-2020:0080-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php7 fixes the following issues:\n\n - CVE-2019-11045: Fixed an issue with improper input validation in the\n filename handling of the DirectoryIterator class (bsc#1159923).\n\n - CVE-2019-11046: Fixed an information leak in bc_shift_addsub()\n (bsc#1159924).\n\n - CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in\n exif_read_data() (bsc#1159922, bsc#1159927).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-80=1\");\n\n script_tag(name:\"affected\", value:\"'php7' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7\", rpm:\"apache2-mod_php7~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7-debuginfo\", rpm:\"apache2-mod_php7-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7\", rpm:\"php7~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath\", rpm:\"php7-bcmath~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath-debuginfo\", rpm:\"php7-bcmath-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2\", rpm:\"php7-bz2~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2-debuginfo\", rpm:\"php7-bz2-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar\", rpm:\"php7-calendar~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar-debuginfo\", rpm:\"php7-calendar-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype\", rpm:\"php7-ctype~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype-debuginfo\", rpm:\"php7-ctype-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl\", rpm:\"php7-curl~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl-debuginfo\", rpm:\"php7-curl-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba\", rpm:\"php7-dba~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba-debuginfo\", rpm:\"php7-dba-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debuginfo\", rpm:\"php7-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debugsource\", rpm:\"php7-debugsource~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-devel\", rpm:\"php7-devel~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom\", rpm:\"php7-dom~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom-debuginfo\", rpm:\"php7-dom-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-embed\", rpm:\"php7-embed~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-embed-debuginfo\", rpm:\"php7-embed-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant\", rpm:\"php7-enchant~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant-debuginfo\", rpm:\"php7-enchant-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif\", rpm:\"php7-exif~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif-debuginfo\", rpm:\"php7-exif-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi\", rpm:\"php7-fastcgi~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi-debuginfo\", rpm:\"php7-fastcgi-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo\", rpm:\"php7-fileinfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo-debuginfo\", rpm:\"php7-fileinfo-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird\", rpm:\"php7-firebird~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird-debuginfo\", rpm:\"php7-firebird-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm\", rpm:\"php7-fpm~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm-debuginfo\", rpm:\"php7-fpm-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp\", rpm:\"php7-ftp~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp-debuginfo\", rpm:\"php7-ftp-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd\", rpm:\"php7-gd~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd-debuginfo\", rpm:\"php7-gd-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext\", rpm:\"php7-gettext~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext-debuginfo\", rpm:\"php7-gettext-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp\", rpm:\"php7-gmp~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp-debuginfo\", rpm:\"php7-gmp-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv\", rpm:\"php7-iconv~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv-debuginfo\", rpm:\"php7-iconv-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl\", rpm:\"php7-intl~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl-debuginfo\", rpm:\"php7-intl-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json\", rpm:\"php7-json~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json-debuginfo\", rpm:\"php7-json-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap\", rpm:\"php7-ldap~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap-debuginfo\", rpm:\"php7-ldap-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring\", rpm:\"php7-mbstring~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring-debuginfo\", rpm:\"php7-mbstring-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql\", rpm:\"php7-mysql~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql-debuginfo\", rpm:\"php7-mysql-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc\", rpm:\"php7-odbc~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc-debuginfo\", rpm:\"php7-odbc-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache\", rpm:\"php7-opcache~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache-debuginfo\", rpm:\"php7-opcache-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl\", rpm:\"php7-openssl~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl-debuginfo\", rpm:\"php7-openssl-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl\", rpm:\"php7-pcntl~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl-debuginfo\", rpm:\"php7-pcntl-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo\", rpm:\"php7-pdo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo-debuginfo\", rpm:\"php7-pdo-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql\", rpm:\"php7-pgsql~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql-debuginfo\", rpm:\"php7-pgsql-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar\", rpm:\"php7-phar~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar-debuginfo\", rpm:\"php7-phar-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix\", rpm:\"php7-posix~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix-debuginfo\", rpm:\"php7-posix-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline\", rpm:\"php7-readline~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline-debuginfo\", rpm:\"php7-readline-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop\", rpm:\"php7-shmop~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop-debuginfo\", rpm:\"php7-shmop-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp\", rpm:\"php7-snmp~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp-debuginfo\", rpm:\"php7-snmp-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap\", rpm:\"php7-soap~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap-debuginfo\", rpm:\"php7-soap-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets\", rpm:\"php7-sockets~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets-debuginfo\", rpm:\"php7-sockets-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sodium\", rpm:\"php7-sodium~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sodium-debuginfo\", rpm:\"php7-sodium-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite\", rpm:\"php7-sqlite~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite-debuginfo\", rpm:\"php7-sqlite-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg\", rpm:\"php7-sysvmsg~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg-debuginfo\", rpm:\"php7-sysvmsg-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem\", rpm:\"php7-sysvsem~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem-debuginfo\", rpm:\"php7-sysvsem-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm\", rpm:\"php7-sysvshm~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm-debuginfo\", rpm:\"php7-sysvshm-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-test\", rpm:\"php7-test~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy\", rpm:\"php7-tidy~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy-debuginfo\", rpm:\"php7-tidy-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer\", rpm:\"php7-tokenizer~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer-debuginfo\", rpm:\"php7-tokenizer-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx\", rpm:\"php7-wddx~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx-debuginfo\", rpm:\"php7-wddx-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader\", rpm:\"php7-xmlreader~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader-debuginfo\", rpm:\"php7-xmlreader-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc\", rpm:\"php7-xmlrpc~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc-debuginfo\", rpm:\"php7-xmlrpc-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter\", rpm:\"php7-xmlwriter~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter-debuginfo\", rpm:\"php7-xmlwriter-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl\", rpm:\"php7-xsl~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl-debuginfo\", rpm:\"php7-xsl-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip\", rpm:\"php7-zip~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip-debuginfo\", rpm:\"php7-zip-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib\", rpm:\"php7-zlib~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib-debuginfo\", rpm:\"php7-zlib-debuginfo~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear\", rpm:\"php7-pear~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear-Archive_Tar\", rpm:\"php7-pear-Archive_Tar~7.2.5~lp151.6.19.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-08T13:05:04", "description": "PHP is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-12-19T00:00:00", "type": "openvas", "title": "PHP < 7.2.26 Multiple Vulnerabilities - Dec19 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-01-07T00:00:00", "id": "OPENVAS:1361412562310143276", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143276", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:php:php\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143276\");\n script_version(\"2020-01-07T08:25:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 08:25:23 +0000 (Tue, 07 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-19 08:49:01 +0000 (Thu, 19 Dec 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_cve_id(\"CVE-2019-11046\", \"CVE-2019-11045\", \"CVE-2019-11050\", \"CVE-2019-11047\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"PHP < 7.2.26 Multiple Vulnerabilities - Dec19 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is prone to multiple vulnerabilities:\n\n - Buffer underflow in bc_shift_addsub (CVE-2019-11046)\n\n - DirectoryIterator class silently truncates after a null byte (CVE-2019-11045)\n\n - Use-after-free in exif parsing under memory sanitizer (CVE-2019-11050)\n\n - Heap-buffer-overflow READ in exif (CVE-2019-11047)\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 7.2.26.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.2.26 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.2.26\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_is_less(version: version, test_version: \"7.2.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.2.26\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-16T18:31:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "openvas", "title": "Ubuntu Update for php7.3 USN-4239-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-01-16T00:00:00", "id": "OPENVAS:1361412562310844295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844295", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844295\");\n script_version(\"2020-01-16T07:19:44+0000\");\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-16 07:19:44 +0000 (Thu, 16 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-16 04:00:13 +0000 (Thu, 16 Jan 2020)\");\n script_name(\"Ubuntu Update for php7.3 USN-4239-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.10|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4239-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005272.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.3'\n package(s) announced via the USN-4239-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that PHP incorrectly handled certain files. An attacker\ncould possibly use this issue to cause a denial of service. This issue only affected\nUbuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045)\n\nIt was discovered that PHP incorrectly handled certain inputs. An attacker\ncould possibly use this issue to expose sensitive information.\n(CVE-2019-11046)\n\nIt was discovered that PHP incorrectly handled certain images. An attacker\ncould possibly use this issue to access sensitive information.\n(CVE-2019-11047, CVE-2019-11050)\");\n\n script_tag(name:\"affected\", value:\"'php7.3' package(s) on Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.2\", ver:\"7.2.24-0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-bcmath\", ver:\"7.2.24-0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cgi\", ver:\"7.2.24-0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cli\", ver:\"7.2.24-0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-fpm\", ver:\"7.2.24-0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-mbstring\", ver:\"7.2.24-0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-xmlrpc\", ver:\"7.2.24-0ubuntu0.18.04.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.3\", ver:\"7.3.11-0ubuntu0.19.10.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-bcmath\", ver:\"7.3.11-0ubuntu0.19.10.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-cgi\", ver:\"7.3.11-0ubuntu0.19.10.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-cli\", ver:\"7.3.11-0ubuntu0.19.10.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-fpm\", ver:\"7.3.11-0ubuntu0.19.10.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-mbstring\", ver:\"7.3.11-0ubuntu0.19.10.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.3-xmlrpc\", ver:\"7.3.11-0ubuntu0.19.10.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.2\", ver:\"7.2.24-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-bcmath\", ver:\"7.2.24-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cgi\", ver:\"7.2.24-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-cli\", ver:\"7.2.24-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-fpm\", ver:\"7.2.24-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-mbstring\", ver:\"7.2.24-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.2-xmlrpc\", ver:\"7.2.24-0ubuntu0.19.04.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.33-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-bcmath\", ver:\"7.0.33-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.33-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.33-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.33-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-mbstring\", ver:\"7.0.33-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"php7.0-xmlrpc\", ver:\"7.0.33-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-29T19:30:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-30T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for php5 (DLA-2050-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310892050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892050", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892050\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-30 03:00:13 +0000 (Mon, 30 Dec 2019)\");\n script_name(\"Debian LTS: Security Advisory for php5 (DLA-2050-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2050-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the DLA-2050-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several security bugs have been identified and fixed in php5, a\nserver-side, HTML-embedded scripting language.\nThe affected components include the exif module and handling of filenames\nwith \\0 embedded.\");\n\n script_tag(name:\"affected\", value:\"'php5' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n5.6.40+dfsg-0+deb8u8.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.40+dfsg-0+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-03-04T16:53:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-25T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2020-03-02T00:00:00", "id": "OPENVAS:1361412562311220201178", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201178", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1178\");\n script_version(\"2020-03-02T09:20:48+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 09:20:48 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:58:04 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1178)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1178\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1178\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1178 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nOniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-07T16:55:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-01T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1339)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19204", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2020-04-03T00:00:00", "id": "OPENVAS:1361412562311220201339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201339", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1339\");\n script_version(\"2020-04-03T06:07:41+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:07:41 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-01 13:54:00 +0000 (Wed, 01 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1339)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1339\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1339\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1339 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c(CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nAn out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application, resulting in a denial of service.(CVE-2019-19204)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.5.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.3.4~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.6~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~2.1.0~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-openssl\", rpm:\"rubygem-openssl~2.1.0~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~3.0.2~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~6.0.1~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.7.6~98.h6.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-03T13:04:04", "description": "PHP is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-12-19T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Dec19 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11049", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2019-12-19T00:00:00", "id": "OPENVAS:1361412562310143278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143278", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:php:php\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143278\");\n script_version(\"2019-12-19T09:06:54+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-19 09:06:54 +0000 (Thu, 19 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-19 08:59:23 +0000 (Thu, 19 Dec 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-11046\", \"CVE-2019-11045\", \"CVE-2019-11050\", \"CVE-2019-11047\", \"CVE-2019-11049\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"PHP Multiple Vulnerabilities - Dec19 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is prone to multiple vulnerabilities:\n\n - Buffer underflow in bc_shift_addsub (CVE-2019-11046)\n\n - DirectoryIterator class silently truncates after a null byte (CVE-2019-11045)\n\n - mail() may release string with refcount==1 twice (CVE-2019-11049)\n\n - Use-after-free in exif parsing under memory sanitizer (CVE-2019-11050)\n\n - Heap-buffer-overflow READ in exif (CVE-2019-11047)\");\n\n script_tag(name:\"affected\", value:\"PHP versions 7.3.x prior to 7.3.13 and 7.4.x prior to 7.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.3.13, 7.4.1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.3.13\");\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.4.1\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"7.3.0\", test_version2: \"7.3.12\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.3.13\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_is_equal(version: version, test_version: \"7.4.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.4.1\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-08T13:05:04", "description": "PHP is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-12-19T00:00:00", "type": "openvas", "title": "PHP < 7.2.26 Multiple Vulnerabilities - Dec19 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11044", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-01-07T00:00:00", "id": "OPENVAS:1361412562310143277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143277", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:php:php\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143277\");\n script_version(\"2020-01-07T08:25:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 08:25:23 +0000 (Tue, 07 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-19 08:56:49 +0000 (Thu, 19 Dec 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_cve_id(\"CVE-2019-11046\", \"CVE-2019-11045\", \"CVE-2019-11044\", \"CVE-2019-11050\", \"CVE-2019-11047\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"PHP < 7.2.26 Multiple Vulnerabilities - Dec19 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is prone to multiple vulnerabilities:\n\n - Buffer underflow in bc_shift_addsub (CVE-2019-11046)\n\n - link() silently truncates after a null byte on Windows (CVE-2019-11044)\n\n - DirectoryIterator class silently truncates after a null byte (CVE-2019-11045)\n\n - Use-after-free in exif parsing under memory sanitizer (CVE-2019-11050)\n\n - Heap-buffer-overflow READ in exif (CVE-2019-11047)\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 7.2.26.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.2.26 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.2.26\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_is_less(version: version, test_version: \"7.2.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.2.26\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-02-20T22:52:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-02-20T00:00:00", "type": "openvas", "title": "Debian: Security Advisory for php7.0 (DSA-4628-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2020-7059", "CVE-2019-11046", "CVE-2020-7060", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-02-20T00:00:00", "id": "OPENVAS:1361412562310704628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704628", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704628\");\n script_version(\"2020-02-20T04:00:14+0000\");\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2020-7059\", \"CVE-2020-7060\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-20 04:00:14 +0000 (Thu, 20 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-20 04:00:14 +0000 (Thu, 20 Feb 2020)\");\n script_name(\"Debian: Security Advisory for php7.0 (DSA-4628-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4628.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4628-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.0'\n package(s) announced via the DSA-4628-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in information\ndisclosure, denial of service or incorrect validation of path names.\");\n\n script_tag(name:\"affected\", value:\"'php7.0' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 7.0.33-0+deb9u7.\n\nWe recommend that you upgrade your php7.0 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp7.0-embed\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-bcmath\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-bz2\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-common\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-curl\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-dba\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-dev\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-enchant\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-gd\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-gmp\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-imap\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-interbase\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-intl\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-json\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-ldap\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mbstring\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mcrypt\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mysql\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-odbc\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-opcache\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-pgsql\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-phpdbg\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-pspell\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-readline\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-recode\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-snmp\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-soap\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-sqlite3\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-sybase\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-tidy\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xml\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xmlrpc\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xsl\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-zip\", ver:\"7.0.33-0+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-14T14:48:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-08T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2019-437d94e271", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11049", "CVE-2019-11044", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877095", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877095\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-11046\", \"CVE-2019-11044\", \"CVE-2019-11045\", \"CVE-2019-11049\", \"CVE-2019-11050\", \"CVE-2019-11047\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-08 11:19:03 +0000 (Wed, 08 Jan 2020)\");\n script_name(\"Fedora Update for php FEDORA-2019-437d94e271\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-437d94e271\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the FEDORA-2019-437d94e271 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.3.13~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2019-a54a622670", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11049", "CVE-2019-11044", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877150", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877150\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-11046\", \"CVE-2019-11044\", \"CVE-2019-11045\", \"CVE-2019-11049\", \"CVE-2019-11050\", \"CVE-2019-11047\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:28:48 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for php FEDORA-2019-a54a622670\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-a54a622670\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the FEDORA-2019-a54a622670 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~7.3.13~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-03T13:04:04", "description": "PHP is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-12-19T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Dec19 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11049", "CVE-2019-11044", "CVE-2019-11046", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2019-12-19T00:00:00", "id": "OPENVAS:1361412562310143279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143279", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:php:php\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143279\");\n script_version(\"2019-12-19T09:06:54+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-19 09:06:54 +0000 (Thu, 19 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-19 09:05:01 +0000 (Thu, 19 Dec 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-11046\", \"CVE-2019-11044\", \"CVE-2019-11045\", \"CVE-2019-11050\", \"CVE-2019-11047\",\n \"CVE-2019-11049\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"PHP Multiple Vulnerabilities - Dec19 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"PHP is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHP is prone to multiple vulnerabilities:\n\n - Buffer underflow in bc_shift_addsub (CVE-2019-11046)\n\n - link() silently truncates after a null byte on Windows (CVE-2019-11044)\n\n - DirectoryIterator class silently truncates after a null byte (CVE-2019-11045)\n\n - mail() may release string with refcount==1 twice (CVE-2019-11049)\n\n - Use-after-free in exif parsing under memory sanitizer (CVE-2019-11050)\n\n - Heap-buffer-overflow READ in exif (CVE-2019-11047)\");\n\n script_tag(name:\"affected\", value:\"PHP versions 7.3.x prior to 7.3.13 and 7.4.x prior to 7.4.1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.3.13, 7.4.1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.3.13\");\n script_xref(name:\"URL\", value:\"https://www.php.net/ChangeLog-7.php#7.4.1\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"7.3.0\", test_version2: \"7.3.12\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.3.13\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_is_equal(version: version, test_version: \"7.4.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.4.1\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-19T16:49:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for oniguruma (EulerOS-SA-2020-1019)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19204", "CVE-2019-19203", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201019", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1019\");\n script_version(\"2020-01-23T13:16:31+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19203\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:16:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:16:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for oniguruma (EulerOS-SA-2020-1019)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1019\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1019\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'oniguruma' package(s) announced via the EulerOS-SA-2020-1019 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.(CVE-2019-19203)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.0~2.h4.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-08T09:01:59", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-30T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2019-11050", "CVE-2019-19204", "CVE-2017-7272", "CVE-2017-16642", "CVE-2019-19246", "CVE-2019-11047", "CVE-2017-11145", "CVE-2016-7412"], "modified": "2020-05-04T00:00:00", "id": "OPENVAS:1361412562311220201542", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201542", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1542\");\n script_version(\"2020-05-04T12:56:06+0000\");\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-7412\", \"CVE-2017-11145\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-04 12:56:06 +0000 (Mon, 04 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 12:13:02 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1542)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1542\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1542\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1542 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the 'chunked' value were not being correctly rejected. The impact was limited but if combined with the 'http-reuse always' setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification).(CVE-2017-16642)\n\nIn PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-11145)\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-10397)\n\nDouble free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.(CVE-2016-7412)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\nmain/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.(CVE-2017-7272)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h29\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h29\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h29\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:52:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-02-19T00:00:00", "type": "openvas", "title": "Debian: Security Advisory for php7.3 (DSA-4626-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11050", "CVE-2019-11049", "CVE-2020-7059", "CVE-2019-11046", "CVE-2020-7060", "CVE-2019-11045", "CVE-2019-11047"], "modified": "2020-02-19T00:00:00", "id": "OPENVAS:1361412562310704626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704626", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704626\");\n script_version(\"2020-02-19T04:00:20+0000\");\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11049\", \"CVE-2019-11050\", \"CVE-2020-7059\", \"CVE-2020-7060\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-19 04:00:20 +0000 (Wed, 19 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-19 04:00:20 +0000 (Wed, 19 Feb 2020)\");\n script_name(\"Debian: Security Advisory for php7.3 (DSA-4626-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4626.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4626-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.3'\n package(s) announced via the DSA-4626-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in information\ndisclosure, denial of service or incorrect validation of path names.\");\n\n script_tag(name:\"affected\", value:\"'php7.3' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), these problems have been fixed in\nversion 7.3.14-1~deb10u1.\n\nWe recommend that you upgrade your php7.3 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.3\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp7.3-embed\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-bcmath\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-bz2\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-cgi\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-cli\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-common\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-curl\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-dba\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-dev\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-enchant\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-fpm\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-gd\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-gmp\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-imap\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-interbase\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-intl\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-json\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-ldap\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-mbstring\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-mysql\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-odbc\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-opcache\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-pgsql\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-phpdbg\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-pspell\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-readline\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-recode\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-snmp\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-soap\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-sqlite3\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-sybase\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-tidy\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-xml\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-xmlrpc\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-xsl\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.3-zip\", ver:\"7.3.14-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-26T16:48:16", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-24T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2017-7272", "CVE-2017-16642", "CVE-2016-7411", "CVE-2019-19246", "CVE-2019-11045", "CVE-2019-11047", "CVE-2017-11145", "CVE-2016-7412"], "modified": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201124", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201124", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1124\");\n script_version(\"2020-02-24T09:06:59+0000\");\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2017-11145\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2019-11045\", \"CVE-2019-11047\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:06:59 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:06:59 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1124)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1124\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1124\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1124 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\nIn PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\nIn PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.(CVE-2017-11145)\n\nIn PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nPHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specifi ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~45.h27.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:29:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-05T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libonig (DLA-2020-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310892020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892020", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892020\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-19012\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-05 03:00:09 +0000 (Thu, 05 Dec 2019)\");\n script_name(\"Debian LTS: Security Advisory for libonig (DLA-2020-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2020-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/944959\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/945313\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libonig'\n package(s) announced via the DLA-2020-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the Oniguruma regular\nexpressions library, notably used in PHP mbstring.\n\nCVE-2019-19012\n\nAn integer overflow in the search_in_range function in regexec.c\nleads to an out-of-bounds read, in which the offset of this read\nis under the control of an attacker. (This only affects the 32-bit\ncompiled version). Remote attackers can cause a denial-of-service\nor information disclosure, or possibly have unspecified other\nimpact, via a crafted regular expression.\n\nCVE-2019-19204\n\nIn the function fetch_range_quantifier in regparse.c, PFETCH is\ncalled without checking PEND. This leads to a heap-based buffer\nover-read and lead to denial-of-service via a crafted regular\nexpression.\n\nCVE-2019-19246\n\nHeap-based buffer over-read in str_lower_case_match in regexec.c\ncan lead to denial-of-service via a crafted regular expression.\");\n\n script_tag(name:\"affected\", value:\"'libonig' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n5.9.5-3.2+deb8u4.\n\nWe recommend that you upgrade your libonig packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libonig-dev\", ver:\"5.9.5-3.2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2\", ver:\"5.9.5-3.2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2-dbg\", ver:\"5.9.5-3.2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-19T14:46:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-08T00:00:00", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2019-73197ff9a0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19203", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-19246", "CVE-2019-16163"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310877069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877069", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877069\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_cve_id(\"CVE-2019-19204\", \"CVE-2019-19203\", \"CVE-2019-19012\", \"CVE-2019-16163\", \"CVE-2019-19246\", \"CVE-2019-13225\", \"CVE-2019-13224\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-08 03:30:47 +0000 (Sun, 08 Dec 2019)\");\n script_name(\"Fedora Update for oniguruma FEDORA-2019-73197ff9a0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-73197ff9a0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the FEDORA-2019-73197ff9a0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.2~4.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2019-d942abd0d4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19203", "CVE-2019-19246"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877128", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877128\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-19246\", \"CVE-2019-19204\", \"CVE-2019-19203\", \"CVE-2019-19012\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:26:53 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for oniguruma FEDORA-2019-d942abd0d4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d942abd0d4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the FEDORA-2019-d942abd0d4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.4~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:26", "description": "This host is installed with PHP and is prone\n to a security bypass vulnerability.", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "openvas", "title": "PHP Server Side Request Forgery Security Bypass Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7272"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310108139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_97178_win.nasl 11982 2018-10-19 08:49:21Z mmartin $\n#\n# PHP Server Side Request Forgery Security Bypass Vulnerability (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108139\");\n script_version(\"$Revision: 11982 $\");\n script_cve_id(\"CVE-2017-7272\");\n script_bugtraq_id(97178);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 10:49:21 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-18 06:00:00 +0200 (Tue, 18 Apr 2017)\");\n script_name(\"PHP Server Side Request Forgery Security Bypass Vulnerability (Windows)\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://bugs.php.net/74216\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to a security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to the php_wddx_pop_element\n function in ext/wddx/wddx.c via an inapplicable class name in a wddxPacket XML document,\n leading to mishandling in a wddx_deserialize call.\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to bypass security\n restrictions and perform unauthorized actions. This may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"PHP versions 7.0.x before 7.0.18 and 7.1.x before 7.1.4.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 7.0.18, 7.1.4\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"7.0\", test_version2:\"7.0.17\" ) ) {\n vuln = TRUE;\n fix = \"7.0.18\";\n}\n\nif( vers =~ \"^7\\.1\") {\n if( version_is_less( version:vers, test_version:\"7.1.4\" ) ) {\n vuln = TRUE;\n fix = \"7.1.4\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:21", "description": "This host is installed with PHP and is prone\n to a security bypass vulnerability.", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "openvas", "title": "PHP Server Side Request Forgery Security Bypass Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7272"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310108138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108138", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_97178_lin.nasl 11874 2018-10-12 11:28:04Z mmartin $\n#\n# PHP Server Side Request Forgery Security Bypass Vulnerability (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108138\");\n script_version(\"$Revision: 11874 $\");\n script_cve_id(\"CVE-2017-7272\");\n script_bugtraq_id(97178);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:28:04 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-18 06:00:00 +0200 (Tue, 18 Apr 2017)\");\n script_name(\"PHP Server Side Request Forgery Security Bypass Vulnerability (Linux)\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n script_xref(name:\"URL\", value:\"http://bugs.php.net/74216\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to a security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to the php_wddx_pop_element\n function in ext/wddx/wddx.c via an inapplicable class name in a wddxPacket XML document,\n leading to mishandling in a wddx_deserialize call.\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to bypass security\n restrictions and perform unauthorized actions. This may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"PHP versions 7.0.x before 7.0.18 and 7.1.x before 7.1.4.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 7.0.18, 7.1.4\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"7.0\", test_version2:\"7.0.17\" ) ) {\n vuln = TRUE;\n fix = \"7.0.18\";\n}\n\nif( vers =~ \"^7\\.1\") {\n if( version_is_less( version:vers, test_version:\"7.1.4\" ) ) {\n vuln = TRUE;\n fix = \"7.1.4\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-29T19:29:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-13T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libonig (DLA-1918-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16163"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891918", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891918", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891918\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-16163\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-13 02:00:06 +0000 (Fri, 13 Sep 2019)\");\n script_name(\"Debian LTS: Security Advisory for libonig (DLA-1918-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1918-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/939988\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libonig'\n package(s) announced via the DLA-1918-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Oniguruma regular expressions library, notably used in PHP\nmbstring, is vulnerable to stack exhaustion. A crafted regular\nexpression can crash the process.\");\n\n script_tag(name:\"affected\", value:\"'libonig' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n5.9.5-3.2+deb8u3.\n\nWe recommend that you upgrade your libonig packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libonig-dev\", ver:\"5.9.5-3.2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2\", ver:\"5.9.5-3.2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libonig2-dbg\", ver:\"5.9.5-3.2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:10:34", "description": "Two vulnerabilities have been discovered in php5, a server-side,\nHTML-embedded scripting language. One (CVE-2018-14851) results in a\npotential denial of service (out-of-bounds read and application crash)\nvia a crafted JPEG file. The other (CVE-2018-14883) is an Integer\nOverflow that leads to a heap-based buffer over-read.\n\nAdditionally, a previously introduced patch for CVE-2017-7272 was found\nto negatively affect existing PHP applications (#890266). As a result\nof the negative effects and the fact that the security team has marked\nthe CVE in question as ", "cvss3": {}, "published": "2018-09-03T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for php5 (DLA-1490-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7272", "CVE-2018-14851", "CVE-2018-14883"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891490", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891490\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7272\", \"CVE-2018-14851\", \"CVE-2018-14883\");\n script_name(\"Debian LTS: Security Advisory for php5 (DLA-1490-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-03 00:00:00 +0200 (Mon, 03 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n5.6.37+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_tag(name:\"summary\", value:\"Two vulnerabilities have been discovered in php5, a server-side,\nHTML-embedded scripting language. One (CVE-2018-14851) results in a\npotential denial of service (out-of-bounds read and application crash)\nvia a crafted JPEG file. The other (CVE-2018-14883) is an Integer\nOverflow that leads to a heap-based buffer over-read.\n\nAdditionally, a previously introduced patch for CVE-2017-7272 was found\nto negatively affect existing PHP applications (#890266). As a result\nof the negative effects and the fact that the security team has marked\nthe CVE in question as 'ignore, ' the patch has been dropped.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.37+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-12-04T15:40:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2019-6a931c8eec", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163"], "modified": "2019-12-04T00:00:00", "id": "OPENVAS:1361412562310877028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877028", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877028\");\n script_version(\"2019-12-04T09:04:42+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-13225\", \"CVE-2019-13224\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-04 09:04:42 +0000 (Wed, 04 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-21 03:39:38 +0000 (Thu, 21 Nov 2019)\");\n script_name(\"Fedora Update for oniguruma FEDORA-2019-6a931c8eec\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6a931c8eec\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the FEDORA-2019-6a931c8eec advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.1~3.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-04T15:43:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-21T00:00:00", "type": "openvas", "title": "Fedora Update for oniguruma FEDORA-2019-e4819c6510", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163"], "modified": "2019-12-04T00:00:00", "id": "OPENVAS:1361412562310877026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877026", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877026\");\n script_version(\"2019-12-04T09:04:42+0000\");\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-13225\", \"CVE-2019-13224\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-04 09:04:42 +0000 (Wed, 04 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-21 03:39:35 +0000 (Thu, 21 Nov 2019)\");\n script_name(\"Fedora Update for oniguruma FEDORA-2019-e4819c6510\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e4819c6510\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oniguruma'\n package(s) announced via the FEDORA-2019-e4819c6510 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Oniguruma is a regular expressions library.\nThe characteristics of this library is that different character encoding\nfor every regular expression object can be specified.\n(supported APIs: GNU regex, POSIX and Oniguruma native)\");\n\n script_tag(name:\"affected\", value:\"'oniguruma' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"oniguruma\", rpm:\"oniguruma~6.9.2~3.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-19T17:57:05", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-24T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15845", "CVE-2019-19204", "CVE-2019-16255"], "modified": "2020-03-24T00:00:00", "id": "OPENVAS:1361412562311220201324", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201324", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1324\");\n script_version(\"2020-03-24T07:32:10+0000\");\n script_cve_id(\"CVE-2019-15845\", \"CVE-2019-16255\", \"CVE-2019-19204\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 07:32:10 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-24 07:32:10 +0000 (Tue, 24 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1324)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1324\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1324\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1324 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.(CVE-2019-15845)\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the 'command' argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.(CVE-2019-16255)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:21", "description": "Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-7478:\nZend/zend_exceptions.c in PHP allows remote attackers to\ncause a denial of service (infinite loop) via a crafted Exception\nobject in serialized data, a related issue to CVE-2015-8876.\n\nCVE-2016-7479:\nDuring the unserialization process, resizing the ", "cvss3": {}, "published": "2018-01-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for php5 (DLA-875-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7478", "CVE-2017-7272", "CVE-2016-7479", "CVE-2015-8876"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890875", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890875\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-8876\", \"CVE-2016-7478\", \"CVE-2016-7479\", \"CVE-2017-7272\");\n script_name(\"Debian LTS: Security Advisory for php5 (DLA-875-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00033.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u8.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-7478:\nZend/zend_exceptions.c in PHP allows remote attackers to\ncause a denial of service (infinite loop) via a crafted Exception\nobject in serialized data, a related issue to CVE-2015-8876.\n\nCVE-2016-7479:\nDuring the unserialization process, resizing the 'properties' hash\ntable of a serialized object may lead to use-after-free. A remote\nattacker may exploit this bug to gain the ability of arbitrary code\nexecution. Even though the property table issue only affects PHP 7\nthis change also prevents a wide range of other __wakeup() based\nattacks.\n\nCVE-2017-7272:\nThe fsockopen() function will use the port number which is defined\nin hostname instead of the port number passed to the second\nparameter of the function. This misbehavior may introduce another\nattack vector for an already known application vulnerability (e.g.\nServer Side Request Forgery).\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.45-0+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-06T01:04:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-30T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1529)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15845", "CVE-2019-19204", "CVE-2019-16255", "CVE-2019-16254", "CVE-2019-16201"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562311220201529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201529", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1529\");\n script_version(\"2020-04-30T12:11:47+0000\");\n script_cve_id(\"CVE-2019-15845\", \"CVE-2019-16201\", \"CVE-2019-16254\", \"CVE-2019-16255\", \"CVE-2019-19204\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 12:11:47 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 12:11:47 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1529)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1529\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1529\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1529 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.(CVE-2019-16254)\n\nAn issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the 'command' argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.(CVE-2019-16255)\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.(CVE-2019-15845)\n\nWEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.(CVE-2019-16201)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.2.0~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.2~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~1.7.7~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~2.0.0~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~4.0.0~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.0.14.1~33.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-21T19:54:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1717)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15845", "CVE-2019-19204", "CVE-2013-0269", "CVE-2020-10663", "CVE-2019-16255", "CVE-2019-16201"], "modified": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562311220201717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201717", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1717\");\n script_version(\"2020-07-03T06:18:33+0000\");\n script_cve_id(\"CVE-2019-15845\", \"CVE-2019-16201\", \"CVE-2019-16255\", \"CVE-2019-19204\", \"CVE-2020-10663\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 06:18:33 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 06:18:33 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1717)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1717\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1717\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1717 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the 'command' argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.(CVE-2019-16255)\n\nRuby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.(CVE-2019-15845)\n\nWEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.(CVE-2019-16201)\n\nThe JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.2.0~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.2~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~1.7.7~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~2.0.0~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~4.0.0~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.0.14.1~33.h25\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-21T20:00:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1747)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2016-7414", "CVE-2017-12933", "CVE-2019-11050", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-5772", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2015-8867", "CVE-2019-19204", "CVE-2016-7125", "CVE-2016-4542", "CVE-2019-11041", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2019-11042", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-4116", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-10159", "CVE-2019-9641", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-4073", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-8866", "CVE-2019-19246", "CVE-2016-10161", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2016-10158", "CVE-2019-11047", "CVE-2017-11145", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2018-5711", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562311220201747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201747", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1747\");\n script_version(\"2020-07-03T06:19:30+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-4116\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8866\", \"CVE-2015-8867\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10161\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4073\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4542\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5772\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9226\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5711\", \"CVE-2018-5712\", \"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-11043\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-19204\", \"CVE-2019-19246\", \"CVE-2019-9641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 06:19:30 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 06:19:30 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1747)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1747\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1747\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1747 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041)\n\nAn issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\ngd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\nThe Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\nexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\nAn issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\nAn issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2017-9224", "CVE-2016-7414", "CVE-2017-12933", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9228", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2017-9229", "CVE-2015-8382", "CVE-2015-8867", "CVE-2016-7125", "CVE-2016-4543", "CVE-2016-4542", "CVE-2017-9227", "CVE-2016-4541", "CVE-2019-11041", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2019-11042", "CVE-2015-8835", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-6293", "CVE-2019-11040", "CVE-2016-7411", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-7480", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-5589", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192438", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2438\");\n script_version(\"2020-01-23T12:56:51+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-5589\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8382\", \"CVE-2015-8835\", \"CVE-2015-8867\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6293\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-7480\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5712\", \"CVE-2019-11040\", \"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:56:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:56:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2438)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2438\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2438\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2438 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\nThe finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\next/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124)\n\nThe match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))<pipe>(((?:(?:(?:(?:abc<pipe>(?:abcdef))))b)abcdefghi)abc)<pipe>((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382)\n\nAn issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\nexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\nThe SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480)\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\nThe odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_ ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:52", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2649)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2017-9224", "CVE-2016-7414", "CVE-2017-12933", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9228", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2017-9229", "CVE-2016-7125", "CVE-2016-4543", "CVE-2016-4542", "CVE-2017-9227", "CVE-2016-4541", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2015-8835", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-4116", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-10159", "CVE-2016-7411", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-7480", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-8866", "CVE-2016-10161", "CVE-2015-5589", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2016-10158", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2018-5711", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192649", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2649\");\n script_version(\"2020-01-23T13:11:07+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-4116\", \"CVE-2015-5589\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8835\", \"CVE-2015-8866\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10161\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-7480\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5711\", \"CVE-2018-5712\", \"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:11:07 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:11:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2649)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2649\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2649\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2649 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\nAn issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg-dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-08-12T16:31:34", "description": "According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7272", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2019-16163", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/135137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135137);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2017-7272\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP bcmath extension functions on some\n systems, including Windows, can be tricked into reading\n beyond the allocated space by supplying it with string\n containing characters that are identified as numeric by\n the OS but aren't ASCII numbers. This can read to\n disclosure of the content of some memory\n locations.(CVE-2019-11046)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as\n terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths\n that the code is allowed to access.(CVE-2019-11045)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1350\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6edb8cba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11046\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-7.2.10-1.h13.eulerosv2r8\",\n \"php-cli-7.2.10-1.h13.eulerosv2r8\",\n \"php-common-7.2.10-1.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:26:40", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.(CVE-2019-11046)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7272", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2019-16163", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-fpm", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1172.NASL", "href": "https://www.tenable.com/plugins/nessus/134006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134006);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2017-7272\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as\n terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths\n that the code is allowed to access.(CVE-2019-11045)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP bcmath extension functions on some\n systems, including Windows, can be tricked into reading\n beyond the allocated space by supplying it with string\n containing characters that are identified as numeric by\n the OS but aren't ASCII numbers. This can read to\n disclosure of the content of some memory\n locations.(CVE-2019-11046)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1172\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01035da3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11046\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-7.2.10-1.h13.eulerosv2r8\",\n \"php-cli-7.2.10-1.h13.eulerosv2r8\",\n \"php-common-7.2.10-1.h13.eulerosv2r8\",\n \"php-fpm-7.2.10-1.h13.eulerosv2r8\",\n \"php-gd-7.2.10-1.h13.eulerosv2r8\",\n \"php-ldap-7.2.10-1.h13.eulerosv2r8\",\n \"php-odbc-7.2.10-1.h13.eulerosv2r8\",\n \"php-pdo-7.2.10-1.h13.eulerosv2r8\",\n \"php-process-7.2.10-1.h13.eulerosv2r8\",\n \"php-recode-7.2.10-1.h13.eulerosv2r8\",\n \"php-soap-7.2.10-1.h13.eulerosv2r8\",\n \"php-xml-7.2.10-1.h13.eulerosv2r8\",\n \"php-xmlrpc-7.2.10-1.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-11T15:49:51", "description": "Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenames with \\0 embedded.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 5.6.40+dfsg-0+deb8u8.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2019-12-30T00:00:00", "type": "nessus", "title": "Debian DLA-2050-1 : php5 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:libphp5-embed", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-fpm", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:php5-mysqlnd", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-phpdbg", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php5-readline", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-xsl", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2050.NASL", "href": "https://www.tenable.com/plugins/nessus/132422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2050-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132422);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\");\n\n script_name(english:\"Debian DLA-2050-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security bugs have been identified and fixed in php5, a\nserver-side, HTML-embedded scripting language. The affected components\ninclude the exif module and handling of filenames with \\0 embedded.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n5.6.40+dfsg-0+deb8u8.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp5-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-phpdbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.40+dfsg-0+deb8u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-11T14:56:08", "description": "This update for php7 fixes the following issues :\n\nCVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923).\n\nCVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924).\n\nCVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-02-07T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php7 (SUSE-SU-2020:0352-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-imap", "p-cpe:/a:novell:suse_linux:php7-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mcrypt", "p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pspell", "p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0352-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133546", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0352-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133546);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : php7 (SUSE-SU-2020:0352-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php7 fixes the following issues :\n\nCVE-2019-11045: Fixed an issue with improper input validation in the\nfilename handling of the DirectoryIterator class (bsc#1159923).\n\nCVE-2019-11046: Fixed an information leak in bc_shift_addsub()\n(bsc#1159924).\n\nCVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in\nexif_read_data() (bsc#1159922, bsc#1159927).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11045/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11046/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11047/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11050/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200352-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d38c59e\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-352=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP4-2020-352=1\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-352=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11046\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debugsource-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-debuginfo-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-7.0.7-50.91.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.0.7-50.91.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:25:24", "description": "This update for php7 fixes the following issues :\n\n - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923).\n\n - CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924).\n\n - CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-01-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php7 (openSUSE-2020-80)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php7", "p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:opensuse:php7", "p-cpe:/a:novell:opensuse:php7-bcmath", "p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php7-bz2", "p-cpe:/a:novell:opensuse:php7-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php7-calendar", "p-cpe:/a:novell:opensuse:php7-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype", "p-cpe:/a:novell:opensuse:php7-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php7-curl", "p-cpe:/a:novell:opensuse:php7-curl-debuginfo", "p-cpe:/a:novell:opensuse:php7-dba", "p-cpe:/a:novell:opensuse:php7-dba-debuginfo", "p-cpe:/a:novell:opensuse:php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-debugsource", "p-cpe:/a:novell:opensuse:php7-devel", "p-cpe:/a:novell:opensuse:php7-dom", "p-cpe:/a:novell:opensuse:php7-dom-debuginfo", "p-cpe:/a:novell:opensuse:php7-embed", "p-cpe:/a:novell:opensuse:php7-embed-debuginfo", "p-cpe:/a:novell:opensuse:php7-enchant", "p-cpe:/a:novell:opensuse:php7-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php7-exif", "p-cpe:/a:novell:opensuse:php7-exif-debuginfo", "p-cpe:/a:novell:opensuse:php7-fastcgi", "p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php7-fileinfo", "p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird", "p-cpe:/a:novell:opensuse:php7-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php7-fpm", "p-cpe:/a:novell:opensuse:php7-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ftp", "p-cpe:/a:novell:opensuse:php7-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php7-gd", "p-cpe:/a:novell:opensuse:php7-gd-debuginfo", "p-cpe:/a:novell:opensuse:php7-gettext", "p-cpe:/a:novell:opensuse:php7-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php7-gmp", "p-cpe:/a:novell:opensuse:php7-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-iconv", "p-cpe:/a:novell:opensuse:php7-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl", "p-cpe:/a:novell:opensuse:php7-intl-debuginfo", "p-cpe:/a:novell:opensuse:php7-json", "p-cpe:/a:novell:opensuse:php7-json-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap", "p-cpe:/a:novell:opensuse:php7-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php7-mbstring", "p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php7-mysql", "p-cpe:/a:novell:opensuse:php7-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc", "p-cpe:/a:novell:opensuse:php7-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php7-opcache", "p-cpe:/a:novell:opensuse:php7-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl", "p-cpe:/a:novell:opensuse:php7-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pcntl", "p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo", "p-cpe:/a:novell:opensuse:php7-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php7-pear", "p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar", "p-cpe:/a:novell:opensuse:php7-pgsql", "p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php7-phar", "p-cpe:/a:novell:opensuse:php7-phar-debuginfo", "p-cpe:/a:novell:opensuse:php7-posix", "p-cpe:/a:novell:opensuse:php7-posix-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline", "p-cpe:/a:novell:opensuse:php7-readline-debuginfo", "p-cpe:/a:novell:opensuse:php7-shmop", "p-cpe:/a:novell:opensuse:php7-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp", "p-cpe:/a:novell:opensuse:php7-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-soap", "p-cpe:/a:novell:opensuse:php7-soap-debuginfo", "p-cpe:/a:novell:opensuse:php7-sockets", "p-cpe:/a:novell:opensuse:php7-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php7-sodium", "p-cpe:/a:novell:opensuse:php7-sodium-debuginfo", "p-cpe:/a:novell:opensuse:php7-sqlite", "p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvmsg", "p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem", "p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm", "p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php7-test", "p-cpe:/a:novell:opensuse:php7-tidy", "p-cpe:/a:novell:opensuse:php7-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer", "p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php7-wddx", "p-cpe:/a:novell:opensuse:php7-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlreader", "p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlrpc", "p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlwriter", "p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php7-xsl", "p-cpe:/a:novell:opensuse:php7-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php7-zip", "p-cpe:/a:novell:opensuse:php7-zip-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib", "p-cpe:/a:novell:opensuse:php7-zlib-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-80.NASL", "href": "https://www.tenable.com/plugins/nessus/133133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-80.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133133);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\");\n\n script_name(english:\"openSUSE Security Update : php7 (openSUSE-2020-80)\");\n script_summary(english:\"Check for the openSUSE-2020-80 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for php7 fixes the following issues :\n\n - CVE-2019-11045: Fixed an issue with improper input\n validation in the filename handling of the\n DirectoryIterator class (bsc#1159923).\n\n - CVE-2019-11046: Fixed an information leak in\n bc_shift_addsub() (bsc#1159924).\n\n - CVE-2019-11047, CVE-2019-11050: Fixed multiple\n information leaks in exif_read_data() (bsc#1159922,\n bsc#1159927).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159927\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php7 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-embed-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-mod_php7-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-mod_php7-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bcmath-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bcmath-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bz2-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-bz2-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-calendar-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-calendar-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ctype-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ctype-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-curl-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-curl-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dba-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dba-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-debugsource-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-devel-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dom-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-dom-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-embed-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-embed-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-enchant-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-enchant-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-exif-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-exif-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fastcgi-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fastcgi-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fileinfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fileinfo-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-firebird-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-firebird-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fpm-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-fpm-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ftp-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ftp-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gd-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gd-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gettext-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gettext-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gmp-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-gmp-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-iconv-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-iconv-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-intl-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-intl-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-json-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-json-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ldap-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-ldap-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mbstring-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mbstring-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mysql-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-mysql-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-odbc-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-odbc-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-opcache-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-opcache-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-openssl-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-openssl-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pcntl-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pcntl-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pdo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pdo-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pear-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pear-Archive_Tar-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pgsql-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-pgsql-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-phar-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-phar-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-posix-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-posix-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-readline-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-readline-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-shmop-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-shmop-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-snmp-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-snmp-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-soap-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-soap-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sockets-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sockets-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sodium-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sodium-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sqlite-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sqlite-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvmsg-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvmsg-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvsem-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvsem-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvshm-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-sysvshm-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-test-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tidy-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tidy-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tokenizer-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-tokenizer-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-wddx-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-wddx-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlreader-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlreader-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlrpc-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlrpc-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlwriter-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xmlwriter-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xsl-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-xsl-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zip-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zip-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zlib-7.2.5-lp151.6.19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"php7-zlib-debuginfo-7.2.5-lp151.6.19.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:25:25", "description": "This update for php7 fixes the following issues :\n\nCVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923).\n\nCVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924).\n\nCVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:0101-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-devel", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-embed", "p-cpe:/a:novell:suse_linux:php7-embed-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-readline", "p-cpe:/a:novell:suse_linux:php7-readline-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sodium", "p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tidy", "p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0101-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0101-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132927);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:0101-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php7 fixes the following issues :\n\nCVE-2019-11045: Fixed an issue with improper input validation in the\nfilename handling of the DirectoryIterator class (bsc#1159923).\n\nCVE-2019-11046: Fixed an information leak in bc_shift_addsub()\n(bsc#1159924).\n\nCVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in\nexif_read_data() (bsc#1159922, bsc#1159927).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11045/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11046/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11047/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11050/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200101-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13daf94c\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-101=1\n\nSUSE Linux Enterprise Module for Web Scripting 15 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2020-101=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-2020-101=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-101=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-101=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11046\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-mod_php7-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-mod_php7-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bcmath-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bcmath-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bz2-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-bz2-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-calendar-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-calendar-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ctype-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ctype-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-curl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-curl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dba-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dba-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-debugsource-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-devel-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dom-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-dom-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-embed-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-embed-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-enchant-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-enchant-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-exif-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-exif-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fastcgi-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fastcgi-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fileinfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fileinfo-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fpm-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-fpm-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ftp-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ftp-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gd-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gd-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gettext-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gettext-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gmp-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-gmp-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-iconv-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-iconv-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-intl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-intl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-json-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-json-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ldap-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-ldap-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mbstring-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mbstring-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mysql-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-mysql-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-odbc-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-odbc-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-opcache-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-opcache-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-openssl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-openssl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pcntl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pcntl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pdo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pdo-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pgsql-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-pgsql-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-phar-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-phar-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-posix-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-posix-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-readline-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-readline-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-shmop-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-shmop-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-snmp-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-snmp-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-soap-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-soap-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sockets-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sockets-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sodium-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sodium-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sqlite-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sqlite-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvmsg-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvmsg-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvsem-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvsem-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvshm-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-sysvshm-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tidy-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tidy-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tokenizer-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-tokenizer-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-wddx-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-wddx-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlreader-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlreader-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlrpc-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlrpc-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlwriter-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xmlwriter-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xsl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-xsl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zip-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zip-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zlib-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"php7-zlib-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-mod_php7-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bcmath-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bz2-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-calendar-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ctype-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-curl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-curl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dba-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dba-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-debugsource-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-devel-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dom-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-dom-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-embed-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-embed-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-enchant-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-exif-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-exif-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fastcgi-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fileinfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fpm-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ftp-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gd-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gd-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gettext-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gmp-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-iconv-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-intl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-intl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-json-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-json-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ldap-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mbstring-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mysql-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-odbc-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-opcache-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-openssl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pcntl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pdo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pgsql-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-phar-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-phar-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-posix-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-posix-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-readline-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-readline-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-shmop-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-snmp-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-soap-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-soap-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sockets-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sodium-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sodium-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sqlite-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvmsg-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvsem-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvshm-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tidy-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tidy-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tokenizer-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-wddx-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlreader-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlrpc-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlwriter-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xsl-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zip-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zip-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zlib-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-debugsource-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-embed-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-embed-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-readline-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-readline-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-sodium-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-sodium-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-tidy-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"php7-tidy-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-debugsource-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-embed-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-embed-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-readline-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-readline-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-sodium-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-sodium-debuginfo-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-tidy-7.2.5-4.49.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"php7-tidy-debuginfo-7.2.5-4.49.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:23:53", "description": "It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045)\n\nIt was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-11046)\n\nIt was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. (CVE-2019-11047, CVE-2019-11050).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : PHP vulnerabilities (USN-4239-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.3", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.2-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.2-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.2-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php7.2-xmlrpc", "p-cpe:/a:canonical:ubuntu_linux:php7.3-bcmath", "p-cpe:/a:canonical:ubuntu_linux:php7.3-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.3-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.3-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.3-mbstring", "p-cpe:/a:canonical:ubuntu_linux:php7.3-xmlrpc", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4239-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132953", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4239-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132953);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\");\n script_xref(name:\"USN\", value:\"4239-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : PHP vulnerabilities (USN-4239-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that PHP incorrectly handled certain files. An\nattacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04\nand 19.10. (CVE-2019-11045)\n\nIt was discovered that PHP incorrectly handled certain inputs. An\nattacker could possibly use this issue to expose sensitive\ninformation. (CVE-2019-11046)\n\nIt was discovered that PHP incorrectly handled certain images. An\nattacker could possibly use this issue to access sensitive\ninformation. (CVE-2019-11047, CVE-2019-11050).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4239-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.2-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.3-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.3-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.3-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.3-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.3-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.3-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2022 Canonical, Inc. / NASL script (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.33-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-bcmath\", pkgver:\"7.0.33-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.33-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.33-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.33-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-mbstring\", pkgver:\"7.0.33-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-xmlrpc\", pkgver:\"7.0.33-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libapache2-mod-php7.2\", pkgver:\"7.2.24-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-bcmath\", pkgver:\"7.2.24-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-cgi\", pkgver:\"7.2.24-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-cli\", pkgver:\"7.2.24-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-fpm\", pkgver:\"7.2.24-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-mbstring\", pkgver:\"7.2.24-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"php7.2-xmlrpc\", pkgver:\"7.2.24-0ubuntu0.18.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libapache2-mod-php7.2\", pkgver:\"7.2.24-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-bcmath\", pkgver:\"7.2.24-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-cgi\", pkgver:\"7.2.24-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-cli\", pkgver:\"7.2.24-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-fpm\", pkgver:\"7.2.24-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-mbstring\", pkgver:\"7.2.24-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"php7.2-xmlrpc\", pkgver:\"7.2.24-0ubuntu0.19.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libapache2-mod-php7.3\", pkgver:\"7.3.11-0ubuntu0.19.10.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"php7.3-bcmath\", pkgver:\"7.3.11-0ubuntu0.19.10.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"php7.3-cgi\", pkgver:\"7.3.11-0ubuntu0.19.10.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"php7.3-cli\", pkgver:\"7.3.11-0ubuntu0.19.10.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"php7.3-fpm\", pkgver:\"7.3.11-0ubuntu0.19.10.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"php7.3-mbstring\", pkgver:\"7.3.11-0ubuntu0.19.10.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"php7.3-xmlrpc\", pkgver:\"7.3.11-0ubuntu0.19.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php7.0 / libapache2-mod-php7.2 / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:25:01", "description": "This update for php72 fixes the following issues :\n\nCVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923).\n\nCVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924).\n\nCVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-01-31T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0267-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php72", "p-cpe:/a:novell:suse_linux:apache2-mod_php72-debuginfo", "p-cpe:/a:novell:suse_linux:php72", "p-cpe:/a:novell:suse_linux:php72-bcmath", "p-cpe:/a:novell:suse_linux:php72-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php72-bz2", "p-cpe:/a:novell:suse_linux:php72-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php72-calendar", "p-cpe:/a:novell:suse_linux:php72-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php72-ctype", "p-cpe:/a:novell:suse_linux:php72-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php72-curl", "p-cpe:/a:novell:suse_linux:php72-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-dba", "p-cpe:/a:novell:suse_linux:php72-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php72-debuginfo", "p-cpe:/a:novell:suse_linux:php72-debugsource", "p-cpe:/a:novell:suse_linux:php72-dom", "p-cpe:/a:novell:suse_linux:php72-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php72-enchant", "p-cpe:/a:novell:suse_linux:php72-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php72-exif", "p-cpe:/a:novell:suse_linux:php72-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php72-fastcgi", "p-cpe:/a:novell:suse_linux:php72-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php72-fileinfo", "p-cpe:/a:novell:suse_linux:php72-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php72-fpm", "p-cpe:/a:novell:suse_linux:php72-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php72-ftp", "p-cpe:/a:novell:suse_linux:php72-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php72-gd", "p-cpe:/a:novell:suse_linux:php72-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php72-gettext", "p-cpe:/a:novell:suse_linux:php72-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php72-gmp", "p-cpe:/a:novell:suse_linux:php72-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php72-iconv", "p-cpe:/a:novell:suse_linux:php72-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php72-imap", "p-cpe:/a:novell:suse_linux:php72-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php72-intl", "p-cpe:/a:novell:suse_linux:php72-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-json", "p-cpe:/a:novell:suse_linux:php72-json-debuginfo", "p-cpe:/a:novell:suse_linux:php72-ldap", "p-cpe:/a:novell:suse_linux:php72-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php72-mbstring", "p-cpe:/a:novell:suse_linux:php72-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php72-mysql", "p-cpe:/a:novell:suse_linux:php72-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php72-odbc", "p-cpe:/a:novell:suse_linux:php72-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php72-opcache", "p-cpe:/a:novell:suse_linux:php72-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php72-openssl", "p-cpe:/a:novell:suse_linux:php72-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pcntl", "p-cpe:/a:novell:suse_linux:php72-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pdo", "p-cpe:/a:novell:suse_linux:php72-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pgsql", "p-cpe:/a:novell:suse_linux:php72-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php72-phar", "p-cpe:/a:novell:suse_linux:php72-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php72-posix", "p-cpe:/a:novell:suse_linux:php72-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php72-pspell", "p-cpe:/a:novell:suse_linux:php72-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php72-readline", "p-cpe:/a:novell:suse_linux:php72-readline-debuginfo", "p-cpe:/a:novell:suse_linux:php72-shmop", "p-cpe:/a:novell:suse_linux:php72-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php72-snmp", "p-cpe:/a:novell:suse_linux:php72-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php72-soap", "p-cpe:/a:novell:suse_linux:php72-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sockets", "p-cpe:/a:novell:suse_linux:php72-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sodium", "p-cpe:/a:novell:suse_linux:php72-sodium-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sqlite", "p-cpe:/a:novell:suse_linux:php72-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sysvmsg", "p-cpe:/a:novell:suse_linux:php72-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sysvsem", "p-cpe:/a:novell:suse_linux:php72-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php72-sysvshm", "p-cpe:/a:novell:suse_linux:php72-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php72-tidy", "p-cpe:/a:novell:suse_linux:php72-tidy-debuginfo", "p-cpe:/a:novell:suse_linux:php72-tokenizer", "p-cpe:/a:novell:suse_linux:php72-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php72-wddx", "p-cpe:/a:novell:suse_linux:php72-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xmlreader", "p-cpe:/a:novell:suse_linux:php72-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xmlrpc", "p-cpe:/a:novell:suse_linux:php72-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xmlwriter", "p-cpe:/a:novell:suse_linux:php72-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php72-xsl", "p-cpe:/a:novell:suse_linux:php72-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php72-zip", "p-cpe:/a:novell:suse_linux:php72-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php72-zlib", "p-cpe:/a:novell:suse_linux:php72-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0267-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133396", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0267-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133396);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0267-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php72 fixes the following issues :\n\nCVE-2019-11045: Fixed an issue with improper input validation in the\nfilename handling of the DirectoryIterator class (bsc#1159923).\n\nCVE-2019-11046: Fixed an information leak in bc_shift_addsub()\n(bsc#1159924).\n\nCVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in\nexif_read_data() (bsc#1159922, bsc#1159927).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11045/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11046/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11047/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11050/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200267-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?98c4a117\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-267=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP4-2020-267=1\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-267=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11046\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php72\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php72-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sodium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php72-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php72-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php72-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bcmath-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bcmath-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bz2-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-bz2-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-calendar-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-calendar-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ctype-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ctype-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-curl-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-curl-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dba-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dba-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-debugsource-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dom-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-dom-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-enchant-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-enchant-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-exif-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-exif-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fastcgi-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fastcgi-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fileinfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fileinfo-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fpm-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-fpm-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ftp-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ftp-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gd-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gd-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gettext-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gettext-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gmp-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-gmp-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-iconv-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-iconv-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-imap-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-imap-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-intl-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-intl-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-json-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-json-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ldap-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-ldap-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mbstring-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mbstring-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mysql-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-mysql-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-odbc-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-odbc-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-opcache-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-opcache-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-openssl-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-openssl-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pcntl-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pcntl-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pdo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pdo-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pgsql-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pgsql-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-phar-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-phar-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-posix-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-posix-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pspell-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-pspell-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-readline-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-readline-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-shmop-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-shmop-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-snmp-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-snmp-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-soap-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-soap-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sockets-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sockets-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sodium-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sodium-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sqlite-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sqlite-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvmsg-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvmsg-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvsem-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvsem-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvshm-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-sysvshm-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tidy-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tidy-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tokenizer-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-tokenizer-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-wddx-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-wddx-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlreader-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlreader-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlrpc-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlrpc-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlwriter-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xmlwriter-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xsl-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-xsl-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zip-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zip-debuginfo-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zlib-7.2.5-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php72-zlib-debuginfo-7.2.5-1.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php72\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-11T14:59:48", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application, resulting in a denial of service.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1339)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16163", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-openssl", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1339.NASL", "href": "https://www.tenable.com/plugins/nessus/135126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135126);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1339)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - An out-of-bounds read vulnerability was found in\n Oniguruma in the way it handled regular expression\n quantifiers. A remote attacker could abuse this flaw by\n providing a malformed regular expression that, when\n processed by an application linked to Oniguruma, could\n possibly crash the application, resulting in a denial\n of service.(CVE-2019-19204)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1339\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2f8c64f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h6.eulerosv2r8\",\n \"rubygem-bigdecimal-1.3.4-98.h6.eulerosv2r8\",\n \"rubygem-io-console-0.4.6-98.h6.eulerosv2r8\",\n \"rubygem-json-2.1.0-98.h6.eulerosv2r8\",\n \"rubygem-openssl-2.1.0-98.h6.eulerosv2r8\",\n \"rubygem-psych-3.0.2-98.h6.eulerosv2r8\",\n \"rubygem-rdoc-6.0.1-98.h6.eulerosv2r8\",\n \"rubygems-2.7.6-98.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-11T14:55:31", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16163", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/134012", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134012);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16163\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1178)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1178\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bae3487a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h6.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-11T14:54:06", "description": "According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.26. It is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in link() and DirectoryIterator class due to improper handling of embedded \\0 byte character and treats them as terminating at that byte. An attacker can exploit this to disclose information in applications checking paths that the code is allowed to access.\n (CVE-2019-11044 CVE-2019-11045)\n\n - An out-of-bounds READ error exists in the bcmath extension due to an input validation error. An unauthenticated, remote attacker can exploit this by supplying a string containing characters that are identified as numeric by the OS but are not ASCII number. This can cause lead to the disclosure of information within some memory locations. (CVE-2019-11046)\n\n - An out-of-bounds READ error exists in parsing EXIF information from an image. An unauthenticated, remote attacker can exploit this and supply it iwth data that will cause it to read past the allocated buffer disclosing of information.\n (CVE-2019-11047)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-01-10T00:00:00", "type": "nessus", "title": "PHP 7.2.x < 7.2.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_2_26.NASL", "href": "https://www.tenable.com/plugins/nessus/132770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132770);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-11044\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\"\n );\n\n script_name(english:\"PHP 7.2.x < 7.2.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.2.x prior to 7.2.26. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in link() and \n DirectoryIterator class due to improper handling of embedded \n \\0 byte character and treats them as terminating at that byte. \n An attacker can exploit this to disclose information in \n applications checking paths that the code is allowed to access.\n (CVE-2019-11044 CVE-2019-11045)\n\n - An out-of-bounds READ error exists in the bcmath extension due to\n an input validation error. An unauthenticated, remote attacker \n can exploit this by supplying a string containing characters that\n are identified as numeric by the OS but are not ASCII number. \n This can cause lead to the disclosure of information within some\n memory locations. (CVE-2019-11046)\n\n - An out-of-bounds READ error exists in parsing EXIF information \n from an image. An unauthenticated, remote attacker \n can exploit this and supply it iwth data that will cause it to \n read past the allocated buffer disclosing of information.\n (CVE-2019-11047)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.2.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.2.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11050\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11046\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('audit.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\n\nif ((report_paranoia < 2) && backported) audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [\n {'min_version':'7.2.0alpha1', 'fixed_version':'7.2.26'}\n ];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-14T16:13:12", "description": "According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in link() and DirectoryIterator class due to improper handling of embedded \\0 byte character and treats them as terminating at that byte. An attacker can exploit this to disclose information in applications checking paths that the code is allowed to access. (CVE-2019-11044 / CVE-2019-11045)\n\n - An out-of-bounds READ error exists in the bcmath extension due to an input validation error. An unauthenticated, remote attacker can exploit this by supplying a string containing characters that are identified as numeric by the OS but are not ASCII number. This can cause lead to the disclosure of information within some memory locations. (CVE-2019-11046)\n\n - An out-of-bounds READ error exists in parsing EXIF information from an image. An unauthenticated, remote attacker can exploit this and supply it iwth data that will cause it to read past the allocated buffer disclosing of information. (CVE-2019-11047 / CVE-2019-11050)\n\n - A denial of service (DoS) vulnerability exists in mail() due to the double-freeing of certain memory locations. An unauthenticated, remote attacker can exploit this issue, by supplying custom headers, and to cause the application to segfault and stop responding.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-24T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98926", "href": "https://www.tenable.com/plugins/was/98926", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-14T16:13:14", "description": "According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in link() and DirectoryIterator class due to improper handling of embedded \\0 byte character and treats them as terminating at that byte. An attacker can exploit this to disclose information in applications checking paths that the code is allowed to access. (CVE-2019-11044 / CVE-2019-11045)\n\n - An out-of-bounds READ error exists in the bcmath extension due to an input validation error. An unauthenticated, remote attacker can exploit this by supplying a string containing characters that are identified as numeric by the OS but are not ASCII number. This can cause lead to the disclosure of information within some memory locations. (CVE-2019-11046)\n\n - An out-of-bounds READ error exists in parsing EXIF information from an image. An unauthenticated, remote attacker can exploit this and supply it iwth data that will cause it to read past the allocated buffer disclosing of information. (CVE-2019-11047 / CVE-2019-11050)\n\n - A denial of service (DoS) vulnerability exists in mail() due to the double-freeing of certain memory locations. An unauthenticated, remote attacker can exploit this issue, by supplying custom headers, and to cause the application to segfault and stop responding.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-24T00:00:00", "type": "nessus", "title": "PHP 7.4.x < 7.4.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98925", "href": "https://www.tenable.com/plugins/was/98925", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-14T16:13:08", "description": "According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in link() and DirectoryIterator class due to improper handling of embedded \\0 byte character and treats them as terminating at that byte. An attacker can exploit this to disclose information in applications checking paths that the code is allowed to access. (CVE-2019-11044 / CVE-2019-11045)\n\n - An out-of-bounds READ error exists in the bcmath extension due to an input validation error. An unauthenticated, remote attacker can exploit this by supplying a string containing characters that are identified as numeric by the OS but are not ASCII number. This can cause lead to the disclosure of information within some memory locations. (CVE-2019-11046)\n\n - An out-of-bounds READ error exists in parsing EXIF information from an image. An unauthenticated, remote attacker can exploit this and supply it iwth data that will cause it to read past the allocated buffer disclosing of information. (CVE-2019-11047 / CVE-2019-11050)\n\n - A denial of service (DoS) vulnerability exists in mail() due to the double-freeing of certain memory locations. An unauthenticated, remote attacker can exploit this issue, by supplying custom headers, and to cause the application to segfault and stop responding.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-24T00:00:00", "type": "nessus", "title": "PHP 7.2.x < 7.2.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98927", "href": "https://www.tenable.com/plugins/was/98927", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-11T14:14:25", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14289-1 advisory.\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. (CVE-2019-11046)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.\n (CVE-2019-11047, CVE-2019-11050)\n\n - libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. (CVE-2019-20433)\n\n - When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2020:14289-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2019-20433", "CVE-2020-7059"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14289-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150651", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14289-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150651);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-20433\",\n \"CVE-2020-7059\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14289-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0006-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0039-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2020:14289-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14289-1 advisory.\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some\n systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with\n string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can\n read to disclosure of the content of some memory locations. (CVE-2019-11046)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what\n will cause it to read past the allocated buffer. This may lead to information disclosure or crash.\n (CVE-2019-11047, CVE-2019-11050)\n\n - libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\\0'\n byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the\n ASPELL_CONF environment variable. (CVE-2019-20433)\n\n - When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x\n below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read\n past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1162629\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-February/006513.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?90dfa74e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7059\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7059\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'apache2-mod_php53-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-bcmath-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-bz2-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-calendar-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-ctype-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-curl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-dba-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-dom-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-exif-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-fastcgi-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-fileinfo-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-ftp-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-gd-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-gettext-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-gmp-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-iconv-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-intl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-json-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-ldap-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-mbstring-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-mcrypt-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-mysql-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-odbc-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-openssl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pcntl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pdo-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pear-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pgsql-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-pspell-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-shmop-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-snmp-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-soap-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-suhosin-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-sysvmsg-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-sysvsem-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-sysvshm-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-tokenizer-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-wddx-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xmlreader-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xmlrpc-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xmlwriter-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-xsl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-zip-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'php53-zlib-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'apache2-mod_php53-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-bcmath-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-bz2-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-calendar-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-ctype-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-curl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-dba-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-dom-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-exif-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-fastcgi-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-fileinfo-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-ftp-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-gd-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-gettext-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-gmp-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-iconv-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-intl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-json-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-ldap-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-mbstring-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-mcrypt-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-mysql-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-odbc-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-openssl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pcntl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pdo-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pear-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pgsql-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-pspell-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-shmop-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-snmp-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-soap-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-suhosin-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-sysvmsg-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-sysvsem-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-sysvshm-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-tokenizer-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-wddx-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xmlreader-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xmlrpc-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xmlwriter-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-xsl-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-zip-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'php53-zlib-5.3.17-112.79', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php53 / php53 / php53-bcmath / php53-bz2 / php53-calendar / etc');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:24:38", "description": "According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.13 or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in link() and DirectoryIterator class due to improper handling of embedded \\0 byte character and treats them as terminating at that byte. An attacker can exploit this to disclose information in applications checking paths that the code is allowed to access.\n (CVE-2019-11044 CVE-2019-11045)\n\n - An out-of-bounds READ error exists in the bcmath extension due to an input validation error. An unauthenticated, remote attacker can exploit this by supplying a string containing characters that are identified as numeric by the OS but are not ASCII number. This can cause lead to the disclosure of information within some memory locations. (CVE-2019-11046)\n\n - An out-of-bounds READ error exists in parsing EXIF information from an image. An unauthenticated, remote attacker can exploit this and supply it iwth data that will cause it to read past the allocated buffer disclosing of information.\n (CVE-2019-11047 CVE-2019-11050)\n\n - A denial of service (DoS) vulnerability exists in mail() due to the double-freeing of certain memory locations. An unauthenticated, remote attacker can exploit this issue, by supplying custom headers, and to cause the application to segfault and stop responding.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-10T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.13 / 7.4.x < 7.4.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/132769", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132769);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2019-11044\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11049\",\n \"CVE-2019-11050\"\n );\n\n script_name(english:\"PHP 7.3.x < 7.3.13 / 7.4.x < 7.4.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.3.x prior to 7.3.13 or 7.4.x prior to 7.4.1. It is, \ntherefore, affected by multiple vulnerabilities:\n\n - An arbitrary file read vulnerability exists in link() and \n DirectoryIterator class due to improper handling of embedded \n \\0 byte character and treats them as terminating at that byte. \n An attacker can exploit this to disclose information in \n applications checking paths that the code is allowed to access.\n (CVE-2019-11044 CVE-2019-11045)\n\n - An out-of-bounds READ error exists in the bcmath extension due to\n an input validation error. An unauthenticated, remote attacker \n can exploit this by supplying a string containing characters that\n are identified as numeric by the OS but are not ASCII number. \n This can cause lead to the disclosure of information within some\n memory locations. (CVE-2019-11046)\n\n - An out-of-bounds READ error exists in parsing EXIF information \n from an image. An unauthenticated, remote attacker \n can exploit this and supply it iwth data that will cause it to \n read past the allocated buffer disclosing of information.\n (CVE-2019-11047 CVE-2019-11050)\n\n - A denial of service (DoS) vulnerability exists in mail() due to \n the double-freeing of certain memory locations. An unauthenticated, \n remote attacker can exploit this issue, by supplying custom headers,\n and to cause the application to segfault and stop responding.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.3.13\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.4.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.3.13, 7.4.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11049\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('audit.inc');\n\nport = get_http_port(default:80, php:TRUE);\napp_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nbackported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\n\nif ((report_paranoia < 2) && backported) audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nconstraints = [\n {'min_version':'7.3.0alpha1', 'fixed_version':'7.3.13'},\n {'min_version':'7.4.0alpha1', 'fixed_version':'7.4.1'},\n ];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-12T16:24:38", "description": "**PHP version 7.3.13** (18 Dec 2019)\n\n**Bcmath:**\n\n - Fixed bug php#78878 (Buffer underflow in bc_shift_addsub). (**CVE-2019-11046**). (cmb)\n\n**Core:**\n\n - Fixed bug php#78862 (link() silently truncates after a null byte on Windows). (**CVE-2019-11044**). (cmb)\n\n - Fixed bug php#78863 (DirectoryIterator class silently truncates after a null byte). (**CVE-2019-11045**).\n (cmb)\n\n - Fixed bug php#78943 (mail() may release string with refcount==1 twice). (**CVE-2019-11049**). (cmb)\n\n - Fixed bug php#78787 (Segfault with trait overriding inherited private shadow property). (Nikita)\n\n - Fixed bug php#78868 (Calling __autoload() with incorrect EG(fake_scope) value). (Antony Dovgal, Dmitry)\n\n - Fixed bug php#78296 (is_file fails to detect file).\n (cmb)\n\n**EXIF:**\n\n - Fixed bug php#78793 (Use-after-free in exif parsing under memory sanitizer). (**CVE-2019-11050**). (Nikita)\n\n - Fixed bug php#78910 (Heap-buffer-overflow READ in exif).\n (**CVE-2019-11047**). (Nikita)\n\n**GD:**\n\n - Fixed bug php#78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb)\n\n**MBString:**\n\n - Upgraded bundled Oniguruma to 6.9.4. (cmb)\n\n**OPcache:**\n\n - Fixed potential ASLR related invalid opline handler issues. (cmb)\n\n - Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice). (Tyson Andre)\n\n**PCRE:**\n\n - Fixed bug php#78853 (preg_match() may return integer > 1). (cmb)\n\n**Standard:**\n\n - Fixed bug php#78759 (array_search in $GLOBALS). (Nikita)\n\n - Fixed bug php#77638 (var_export'ing certain class instances segfaults). (cmb)\n\n - Fixed bug php#78840 (imploding $GLOBALS crashes). (cmb)\n\n - Fixed bug php#78833 (Integer overflow in pack causes out-of-bound access). (cmb)\n\n - Fixed bug php#78814 (strip_tags allows / in tag name => whitelist bypass). (cmb)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-06T00:00:00", "type": "nessus", "title": "Fedora 31 : php (2019-a54a622670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-A54A622670.NASL", "href": "https://www.tenable.com/plugins/nessus/132655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-a54a622670.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132655);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-11044\", \"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11049\", \"CVE-2019-11050\");\n script_xref(name:\"FEDORA\", value:\"2019-a54a622670\");\n\n script_name(english:\"Fedora 31 : php (2019-a54a622670)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**PHP version 7.3.13** (18 Dec 2019)\n\n**Bcmath:**\n\n - Fixed bug php#78878 (Buffer underflow in\n bc_shift_addsub). (**CVE-2019-11046**). (cmb)\n\n**Core:**\n\n - Fixed bug php#78862 (link() silently truncates after a\n null byte on Windows). (**CVE-2019-11044**). (cmb)\n\n - Fixed bug php#78863 (DirectoryIterator class silently\n truncates after a null byte). (**CVE-2019-11045**).\n (cmb)\n\n - Fixed bug php#78943 (mail() may release string with\n refcount==1 twice). (**CVE-2019-11049**). (cmb)\n\n - Fixed bug php#78787 (Segfault with trait overriding\n inherited private shadow property). (Nikita)\n\n - Fixed bug php#78868 (Calling __autoload() with incorrect\n EG(fake_scope) value). (Antony Dovgal, Dmitry)\n\n - Fixed bug php#78296 (is_file fails to detect file).\n (cmb)\n\n**EXIF:**\n\n - Fixed bug php#78793 (Use-after-free in exif parsing\n under memory sanitizer). (**CVE-2019-11050**). (Nikita)\n\n - Fixed bug php#78910 (Heap-buffer-overflow READ in exif).\n (**CVE-2019-11047**). (Nikita)\n\n**GD:**\n\n - Fixed bug php#78849 (GD build broken with -D\n SIGNED_COMPARE_SLOW). (cmb)\n\n**MBString:**\n\n - Upgraded bundled Oniguruma to 6.9.4. (cmb)\n\n**OPcache:**\n\n - Fixed potential ASLR related invalid opline handler\n issues. (cmb)\n\n - Fixed $x = (bool)$x; with opcache (should emit\n undeclared variable notice). (Tyson Andre)\n\n**PCRE:**\n\n - Fixed bug php#78853 (preg_match() may return integer >\n 1). (cmb)\n\n**Standard:**\n\n - Fixed bug php#78759 (array_search in $GLOBALS). (Nikita)\n\n - Fixed bug php#77638 (var_export'ing certain class\n instances segfaults). (cmb)\n\n - Fixed bug php#78840 (imploding $GLOBALS crashes). (cmb)\n\n - Fixed bug php#78833 (Integer overflow in pack causes\n out-of-bound access). (cmb)\n\n - Fixed bug php#78814 (strip_tags allows / in tag name =>\n whitelist bypass). (cmb)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a54a622670\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"php-7.3.13-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-12T16:25:24", "description": "**PHP version 7.3.13** (18 Dec 2019)\n\n**Bcmath:**\n\n - Fixed bug php#78878 (Buffer underflow in bc_shift_addsub). (**CVE-2019-11046**). (cmb)\n\n**Core:**\n\n - Fixed bug php#78862 (link() silently truncates after a null byte on Windows). (**CVE-2019-11044**). (cmb)\n\n - Fixed bug php#78863 (DirectoryIterator class silently truncates after a null byte). (**CVE-2019-11045**).\n (cmb)\n\n - Fixed bug php#78943 (mail() may release string with refcount==1 twice). (**CVE-2019-11049**). (cmb)\n\n - Fixed bug php#78787 (Segfault with trait overriding inherited private shadow property). (Nikita)\n\n - Fixed bug php#78868 (Calling __autoload() with incorrect EG(fake_scope) value). (Antony Dovgal, Dmitry)\n\n - Fixed bug php#78296 (is_file fails to detect file).\n (cmb)\n\n**EXIF:**\n\n - Fixed bug php#78793 (Use-after-free in exif parsing under memory sanitizer). (**CVE-2019-11050**). (Nikita)\n\n - Fixed bug php#78910 (Heap-buffer-overflow READ in exif).\n (**CVE-2019-11047**). (Nikita)\n\n**GD:**\n\n - Fixed bug php#78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb)\n\n**MBString:**\n\n - Upgraded bundled Oniguruma to 6.9.4. (cmb)\n\n**OPcache:**\n\n - Fixed potential ASLR related invalid opline handler issues. (cmb)\n\n - Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice). (Tyson Andre)\n\n**PCRE:**\n\n - Fixed bug php#78853 (preg_match() may return integer > 1). (cmb)\n\n**Standard:**\n\n - Fixed bug php#78759 (array_search in $GLOBALS). (Nikita)\n\n - Fixed bug php#77638 (var_export'ing certain class instances segfaults). (cmb)\n\n - Fixed bug php#78840 (imploding $GLOBALS crashes). (cmb)\n\n - Fixed bug php#78833 (Integer overflow in pack causes out-of-bound access). (cmb)\n\n - Fixed bug php#78814 (strip_tags allows / in tag name => whitelist bypass). (cmb)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-06T00:00:00", "type": "nessus", "title": "Fedora 30 : php (2019-437d94e271)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050"], "modified": "2020-01-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-437D94E271.NASL", "href": "https://www.tenable.com/plugins/nessus/132644", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-437d94e271.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132644);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/31\");\n\n script_cve_id(\"CVE-2019-11044\", \"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11049\", \"CVE-2019-11050\");\n script_xref(name:\"FEDORA\", value:\"2019-437d94e271\");\n\n script_name(english:\"Fedora 30 : php (2019-437d94e271)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**PHP version 7.3.13** (18 Dec 2019)\n\n**Bcmath:**\n\n - Fixed bug php#78878 (Buffer underflow in\n bc_shift_addsub). (**CVE-2019-11046**). (cmb)\n\n**Core:**\n\n - Fixed bug php#78862 (link() silently truncates after a\n null byte on Windows). (**CVE-2019-11044**). (cmb)\n\n - Fixed bug php#78863 (DirectoryIterator class silently\n truncates after a null byte). (**CVE-2019-11045**).\n (cmb)\n\n - Fixed bug php#78943 (mail() may release string with\n refcount==1 twice). (**CVE-2019-11049**). (cmb)\n\n - Fixed bug php#78787 (Segfault with trait overriding\n inherited private shadow property). (Nikita)\n\n - Fixed bug php#78868 (Calling __autoload() with incorrect\n EG(fake_scope) value). (Antony Dovgal, Dmitry)\n\n - Fixed bug php#78296 (is_file fails to detect file).\n (cmb)\n\n**EXIF:**\n\n - Fixed bug php#78793 (Use-after-free in exif parsing\n under memory sanitizer). (**CVE-2019-11050**). (Nikita)\n\n - Fixed bug php#78910 (Heap-buffer-overflow READ in exif).\n (**CVE-2019-11047**). (Nikita)\n\n**GD:**\n\n - Fixed bug php#78849 (GD build broken with -D\n SIGNED_COMPARE_SLOW). (cmb)\n\n**MBString:**\n\n - Upgraded bundled Oniguruma to 6.9.4. (cmb)\n\n**OPcache:**\n\n - Fixed potential ASLR related invalid opline handler\n issues. (cmb)\n\n - Fixed $x = (bool)$x; with opcache (should emit\n undeclared variable notice). (Tyson Andre)\n\n**PCRE:**\n\n - Fixed bug php#78853 (preg_match() may return integer >\n 1). (cmb)\n\n**Standard:**\n\n - Fixed bug php#78759 (array_search in $GLOBALS). (Nikita)\n\n - Fixed bug php#77638 (var_export'ing certain class\n instances segfaults). (cmb)\n\n - Fixed bug php#78840 (imploding $GLOBALS crashes). (cmb)\n\n - Fixed bug php#78833 (Integer overflow in pack causes\n out-of-bound access). (cmb)\n\n - Fixed bug php#78814 (strip_tags allows / in tag name =>\n whitelist bypass). (cmb)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-437d94e271\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"php-7.3.13-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-12T16:25:48", "description": "Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2020-02-20T00:00:00", "type": "nessus", "title": "Debian DSA-4628-1 : php7.0 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4628.NASL", "href": "https://www.tenable.com/plugins/nessus/133815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4628. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133815);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2020-7059\", \"CVE-2020-7060\");\n script_xref(name:\"DSA\", value:\"4628\");\n\n script_name(english:\"Debian DSA-4628-1 : php7.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in information\ndisclosure, denial of service or incorrect validation of path names.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/php7.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/php7.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4628\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php7.0 packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 7.0.33-0+deb9u7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libapache2-mod-php7.0\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libphp7.0-embed\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-bcmath\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-bz2\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-cgi\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-cli\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-common\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-curl\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-dba\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-dev\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-enchant\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-fpm\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-gd\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-gmp\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-imap\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-interbase\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-intl\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-json\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-ldap\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mbstring\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mcrypt\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mysql\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-odbc\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-opcache\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-pgsql\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-phpdbg\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-pspell\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-readline\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-recode\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-snmp\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-soap\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-sqlite3\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-sybase\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-tidy\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xml\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xmlrpc\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xsl\", reference:\"7.0.33-0+deb9u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-zip\", reference:\"7.0.33-0+deb9u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-12T16:26:43", "description": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)\n\nIn PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. (CVE-2019-11049)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11047)\n\nA flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. (CVE-2019-11044)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11050)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. (CVE-2019-11046)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-10T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php72 / php73 (ALAS-2020-1339)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php72", "p-cpe:/a:amazon:linux:php72-bcmath", "p-cpe:/a:amazon:linux:php72-cli", "p-cpe:/a:amazon:linux:php72-common", "p-cpe:/a:amazon:linux:php72-dba", "p-cpe:/a:amazon:linux:php72-dbg", "p-cpe:/a:amazon:linux:php72-debuginfo", "p-cpe:/a:amazon:linux:php72-devel", "p-cpe:/a:amazon:linux:php72-embedded", "p-cpe:/a:amazon:linux:php72-enchant", "p-cpe:/a:amazon:linux:php72-fpm", "p-cpe:/a:amazon:linux:php72-gd", "p-cpe:/a:amazon:linux:php72-gmp", "p-cpe:/a:amazon:linux:php72-imap", "p-cpe:/a:amazon:linux:php72-intl", "p-cpe:/a:amazon:linux:php72-json", "p-cpe:/a:amazon:linux:php72-ldap", "p-cpe:/a:amazon:linux:php72-mbstring", "p-cpe:/a:amazon:linux:php72-mysqlnd", "p-cpe:/a:amazon:linux:php72-odbc", "p-cpe:/a:amazon:linux:php72-opcache", "p-cpe:/a:amazon:linux:php72-pdo", "p-cpe:/a:amazon:linux:php72-pdo-dblib", "p-cpe:/a:amazon:linux:php72-pgsql", "p-cpe:/a:amazon:linux:php72-process", "p-cpe:/a:amazon:linux:php72-pspell", "p-cpe:/a:amazon:linux:php72-recode", "p-cpe:/a:amazon:linux:php72-snmp", "p-cpe:/a:amazon:linux:php72-soap", "p-cpe:/a:amazon:linux:php72-tidy", "p-cpe:/a:amazon:linux:php72-xml", "p-cpe:/a:amazon:linux:php72-xmlrpc", "p-cpe:/a:amazon:linux:php73", "p-cpe:/a:amazon:linux:php73-bcmath", "p-cpe:/a:amazon:linux:php73-cli", "p-cpe:/a:amazon:linux:php73-common", "p-cpe:/a:amazon:linux:php73-dba", "p-cpe:/a:amazon:linux:php73-dbg", "p-cpe:/a:amazon:linux:php73-debuginfo", "p-cpe:/a:amazon:linux:php73-devel", "p-cpe:/a:amazon:linux:php73-embedded", "p-cpe:/a:amazon:linux:php73-enchant", "p-cpe:/a:amazon:linux:php73-fpm", "p-cpe:/a:amazon:linux:php73-gd", "p-cpe:/a:amazon:linux:php73-gmp", "p-cpe:/a:amazon:linux:php73-imap", "p-cpe:/a:amazon:linux:php73-intl", "p-cpe:/a:amazon:linux:php73-json", "p-cpe:/a:amazon:linux:php73-ldap", "p-cpe:/a:amazon:linux:php73-mbstring", "p-cpe:/a:amazon:linux:php73-mysqlnd", "p-cpe:/a:amazon:linux:php73-odbc", "p-cpe:/a:amazon:linux:php73-opcache", "p-cpe:/a:amazon:linux:php73-pdo", "p-cpe:/a:amazon:linux:php73-pdo-dblib", "p-cpe:/a:amazon:linux:php73-pgsql", "p-cpe:/a:amazon:linux:php73-process", "p-cpe:/a:amazon:linux:php73-pspell", "p-cpe:/a:amazon:linux:php73-recode", "p-cpe:/a:amazon:linux:php73-snmp", "p-cpe:/a:amazon:linux:php73-soap", "p-cpe:/a:amazon:linux:php73-tidy", "p-cpe:/a:amazon:linux:php73-xml", "p-cpe:/a:amazon:linux:php73-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1339.NASL", "href": "https://www.tenable.com/plugins/nessus/133558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1339.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133558);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2019-11044\", \"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11049\", \"CVE-2019-11050\");\n script_xref(name:\"ALAS\", value:\"2020-1339\");\n\n script_name(english:\"Amazon Linux AMI : php72 / php73 (ALAS-2020-1339)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP\nDirectoryIterator class accepts filenames with embedded \\0 byte and\ntreats them as terminating at that byte. This could lead to security\nvulnerabilities, e.g. in applications checking paths that the code is\nallowed to access. (CVE-2019-11045)\n\nIn PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when\nsupplying custom headers to mail() function, due to mistake introduced\nin commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is\nsupplied in lowercase, this can result in double-freeing certain\nmemory locations. (CVE-2019-11049)\n\nWhen PHP EXIF extension is parsing EXIF information from an image,\ne.g. via exif_read_data() function, in PHP versions 7.2.x below\n7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with\ndata what will cause it to read past the allocated buffer. This may\nlead to information disclosure or crash. (CVE-2019-11047)\n\nA flaw was discovered in the link function in PHP. When compiled on\nWindows, it does not correctly handle paths containing NULL bytes. An\nattacker could abuse this flaw to bypass application checks on file\npaths. (CVE-2019-11044)\n\nWhen PHP EXIF extension is parsing EXIF information from an image,\ne.g. via exif_read_data() function, in PHP versions 7.2.x below\n7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with\ndata what will cause it to read past the allocated buffer. This may\nlead to information disclosure or crash. (CVE-2019-11050)\n\nIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP\nbcmath extension functions on some systems, including Windows, can be\ntricked into reading beyond the allocated space by supplying it with\nstring containing characters that are identified as numeric by the OS\nbut aren't ASCII numbers. This can read to disclosure of the content\nof some memory locations. (CVE-2019-11046)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1339.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update php72' to update your system.\n\nRun 'yum update php73' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php72-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php73-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php72-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-bcmath-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-cli-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-common-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-dba-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-dbg-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-debuginfo-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-devel-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-embedded-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-enchant-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-fpm-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-gd-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-gmp-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-imap-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-intl-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-json-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-ldap-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-mbstring-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-mysqlnd-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-odbc-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-opcache-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pdo-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pdo-dblib-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pgsql-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-process-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-pspell-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-recode-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-snmp-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-soap-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-tidy-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-xml-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php72-xmlrpc-7.2.26-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-bcmath-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-cli-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-common-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-dba-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-dbg-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-debuginfo-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-devel-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-embedded-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-enchant-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-fpm-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-gd-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-gmp-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-imap-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-intl-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-json-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-ldap-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-mbstring-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-mysqlnd-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-odbc-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-opcache-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pdo-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pdo-dblib-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pgsql-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-process-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-pspell-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-recode-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-snmp-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-soap-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-tidy-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-xml-7.3.13-1.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php73-xmlrpc-7.3.13-1.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php72 / php72-bcmath / php72-cli / php72-common / php72-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:17:13", "description": "Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. (CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : oniguruma (ALAS-2020-1380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16163", "CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2020-01-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:oniguruma", "p-cpe:/a:amazon:linux:oniguruma-debuginfo", "p-cpe:/a:amazon:linux:oniguruma-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1380.NASL", "href": "https://www.tenable.com/plugins/nessus/132735", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1380.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132735);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2019-16163\", \"CVE-2019-19012\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_xref(name:\"ALAS\", value:\"2020-1380\");\n\n script_name(english:\"Amazon Linux 2 : oniguruma (ALAS-2020-1380)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of\nrecursion in regparse.c. (CVE-2019-16163)\n\nOniguruma through 6.9.3, as used in PHP 7.3.x and other products, has\na heap-based buffer over-read in str_lower_case_match in\nregexec.c.(CVE-2019-19246)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1380.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update oniguruma' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:oniguruma-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-5.9.6-1.amzn2.0.3\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-debuginfo-5.9.6-1.amzn2.0.3\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"oniguruma-devel-5.9.6-1.amzn2.0.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma / oniguruma-debuginfo / oniguruma-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-11T14:54:06", "description": "According to the versions of the oniguruma package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.(CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string.\n This leads to a heap-based buffer over-read.(CVE-2019-19203)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-01-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2021-01-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:oniguruma", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1019.NASL", "href": "https://www.tenable.com/plugins/nessus/132612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132612);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2020-1019)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the oniguruma package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in\n regcomp.c because of recursion in\n regparse.c.(CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function gb18030_mbc_enc_len in file\n gb18030.c, a UChar pointer is dereferenced without\n checking if it passed the end of the matched string.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19203)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02bb355c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected oniguruma packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19246\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"oniguruma-6.9.0-2.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-12T16:31:34", "description": "According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. Security Fix(es):A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the 'chunked' value were not being correctly rejected. The impact was limited but if combined with the 'http-reuse always' setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification).(CVE-2017-16642)In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-11145)ext/standard/var_unseria lizer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-10397)Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.(CVE-2016-7412)Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.(CVE-2017-7272)When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.(CVE-2019-19204)main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.(CVE-2017-7189)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-7412", "CVE-2017-11145", "CVE-2017-16642", "CVE-2017-7189", "CVE-2017-7272", "CVE-2019-11047", "CVE-2019-11050", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1542.NASL", "href": "https://www.tenable.com/plugins/nessus/136245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136245);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2016-10397\",\n \"CVE-2016-7412\",\n \"CVE-2017-11145\",\n \"CVE-2017-16642\",\n \"CVE-2017-7189\",\n \"CVE-2017-7272\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1542)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - PHP is an HTML-embedded scripting language. PHP\n attempts to make it easy for developers to write\n dynamically generated web pages. PHP also offers\n built-in database integration for several commercial\n and non-commercial database management systems, so\n writing a database-enabled webpage with PHP is fairly\n simple. The most common use of PHP coding is probably\n as a replacement for CGI scripts. The php package\n contains the module (often referred to as mod_php)\n which adds support for the PHP language to Apache HTTP\n Server. Security Fix(es):A flaw was found in HAProxy\n before 2.0.6. In legacy mode, messages featuring a\n transfer-encoding header missing the 'chunked' value\n were not being correctly rejected. The impact was\n limited but if combined with the 'http-reuse always'\n setting, it could be used to help construct an HTTP\n request smuggling attack against a vulnerable component\n employing a lenient parser that would ignore the\n content-length header as soon as it saw a\n transfer-encoding one (even if not entirely valid\n according to the specification).(CVE-2017-16642)In PHP\n before 5.6.32, 7.x before 7.0.25, and 7.1.x before\n 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-11145)ext/standard/var_unseria\n lizer.re in PHP before 5.6.26 mishandles\n object-deserialization failures, which allows remote\n attackers to cause a denial of service (memory\n corruption) or possibly have unspecified other impact\n via an unserialize call that references a partially\n constructed object.(CVE-2016-10397)Double free\n vulnerability in the zend_ts_hash_graceful_destroy\n function in zend_ts_hash.c in the Zend Engine in PHP\n through 5.5.20 and 5.6.x through 5.6.4 allows remote\n attackers to cause a denial of service or possibly have\n unspecified other impact via unknown\n vectors.(CVE-2016-7412)Oniguruma through 6.9.3, as used\n in PHP 7.3.x and other products, has a heap-based\n buffer over-read in str_lower_case_match in\n regexec.c.(CVE-2019-19246)When PHP EXIF extension is\n parsing EXIF information from an image, e.g. via\n exif_read_data() function, in PHP versions 7.2.x below\n 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to\n supply it with data what will cause it to read past the\n allocated buffer. This may lead to information\n disclosure or\n crash.(CVE-2019-11047)main/php_open_temporary_file.c in\n PHP before 5.5.28 and 5.6.x before 5.6.12 does not\n ensure thread safety, which allows remote attackers to\n cause a denial of service (race condition and heap\n memory corruption) by leveraging an application that\n performs many temporary-file\n accesses.(CVE-2017-7272)When PHP EXIF extension is\n parsing EXIF information from an image, e.g. via\n exif_read_data() function, in PHP versions 7.2.x below\n 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to\n supply it with data what will cause it to read past the\n allocated buffer. This may lead to information\n disclosure or crash.(CVE-2019-11050)An issue was\n discovered in Oniguruma 6.x before 6.9.4_rc2. In the\n function fetch_interval_quantifier (formerly known as\n fetch_range_quantifier) in regparse.c, PFETCH is called\n without checking PEND. This leads to a heap-based\n buffer\n over-read.(CVE-2019-19204)main/streams/xp_socket.c in\n PHP 7.x before 2017-03-07 misparses fsockopen calls,\n such as by interpreting fsockopen('127.0.0.1:80', 443)\n as if the address/port were 127.0.0.1:80:443, which is\n later truncated to 127.0.0.1:80. This behavior has a\n security risk if the explicitly provided port number\n (i.e., 443 in this example) is hardcoded into an\n application as a security policy, but the hostname\n argument (i.e., 127.0.0.1:80 in this example) is\n obtained from untrusted input.(CVE-2017-7189)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1542\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97a5d21b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h29\",\n \"php-cli-5.4.16-45.h29\",\n \"php-common-5.4.16-45.h29\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-12T16:27:07", "description": "Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-18T00:00:00", "type": "nessus", "title": "Debian DSA-4626-1 : php7.3 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11049", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php7.3", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4626.NASL", "href": "https://www.tenable.com/plugins/nessus/133733", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4626. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133733);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2019-11045\", \"CVE-2019-11046\", \"CVE-2019-11047\", \"CVE-2019-11049\", \"CVE-2019-11050\", \"CVE-2020-7059\", \"CVE-2020-7060\");\n script_xref(name:\"DSA\", value:\"4626\");\n\n script_name(english:\"Debian DSA-4626-1 : php7.3 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in information\ndisclosure, denial of service or incorrect validation of path names.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/php7.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/php7.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4626\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php7.3 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 7.3.14-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libapache2-mod-php7.3\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libphp7.3-embed\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-bcmath\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-bz2\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-cgi\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-cli\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-common\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-curl\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-dba\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-dev\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-enchant\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-fpm\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-gd\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-gmp\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-imap\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-interbase\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-intl\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-json\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-ldap\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-mbstring\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-mysql\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-odbc\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-opcache\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-pgsql\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-phpdbg\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-pspell\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-readline\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-recode\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-snmp\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-soap\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-sqlite3\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-sybase\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-tidy\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-xml\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-xmlrpc\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-xsl\", reference:\"7.3.14-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"php7.3-zip\", reference:\"7.3.14-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:29", "description": "An update of the oniguruma package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Oniguruma PHSA-2019-2.0-0196", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19012", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2020-01-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:oniguruma", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0196_ONIGURUMA.NASL", "href": "https://www.tenable.com/plugins/nessus/132975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0196. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132975);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/18\");\n\n script_cve_id(\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19012\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"Photon OS 2.0: Oniguruma PHSA-2019-2.0-0196\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the oniguruma package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-196.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"oniguruma-6.9\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"oniguruma-6.9.3-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-6.9\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"src\", reference:\"oniguruma-6.9.3-1.ph2.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"oniguruma-debuginfo-6.9.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-12T16:27:09", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.(CVE-2017-11145)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.(CVE-2019-11045)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : php (EulerOS-SA-2020-1124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-7411", "CVE-2016-7412", "CVE-2017-11145", "CVE-2017-16642", "CVE-2017-7272", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-19246"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1124.NASL", "href": "https://www.tenable.com/plugins/nessus/133925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133925);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10397\",\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2017-11145\",\n \"CVE-2017-16642\",\n \"CVE-2017-7272\",\n \"CVE-2019-11045\",\n \"CVE-2019-11047\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : php (EulerOS-SA-2020-1124)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\n and 7.x before 7.0.11 does not verify that a BIT field\n has the UNSIGNED_FLAG flag, which allows remote MySQL\n servers to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n crafted field metadata.(CVE-2016-7412)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26\n mishandles object-deserialization failures, which\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via an unserialize call that references a\n partially constructed object.(CVE-2016-7411)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2016-10397)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, an error in the date extension's\n timelib_meridian parsing code could be used by\n attackers able to supply date strings to leak\n information from the interpreter, related to\n ext/date/lib/parse_date.c out-of-bounds reads affecting\n the php_parse_date function. NOTE: the correct fix is\n in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit,\n not the bd77ac90d3bdf31ce2a5251ad92e9e75\n gist.(CVE-2017-11145)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x\n before 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13\n and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as\n terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths\n that the code is allowed to access.(CVE-2019-11045)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1124\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f56d33ce\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h27.eulerosv2r7\",\n \"php-cli-5.4.16-45.h27.eulerosv2r7\",\n \"php-common-5.4.16-45.h27.eulerosv2r7\",\n \"php-gd-5.4.16-45.h27.eulerosv2r7\",\n \"php-ldap-5.4.16-45.h27.eulerosv2r7\",\n \"php-mysql-5.4.16-45.h27.eulerosv2r7\",\n \"php-odbc-5.4.16-45.h27.eulerosv2r7\",\n \"php-pdo-5.4.16-45.h27.eulerosv2r7\",\n \"php-pgsql-5.4.16-45.h27.eulerosv2r7\",\n \"php-process-5.4.16-45.h27.eulerosv2r7\",\n \"php-recode-5.4.16-45.h27.eulerosv2r7\",\n \"php-soap-5.4.16-45.h27.eulerosv2r7\",\n \"php-xml-5.4.16-45.h27.eulerosv2r7\",\n \"php-xmlrpc-5.4.16-45.h27.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-29T16:30:33", "description": "This update for php5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).\n\nCVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).\n\nCVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \\0 bytes (bsc#1159923).\n\nCVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924).\n\nCVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922).\n\nCVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927).\n\nCVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629).\n\nCVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-03-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11050", "CVE-2020-7059", "CVE-2020-7060"], "modified": "2022-03-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-imap", "p-cpe:/a:novell:suse_linux:php5-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-phar", "p-cpe:/a:novell:suse_linux:php5-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0522-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134199);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11043\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0522-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail()\n(bsc#1146360).\n\nCVE-2019-11042: Fixed heap buffer over-read in\nexif_process_user_comment() (bsc#1145095).\n\nCVE-2019-11043: Fixed possible remote code execution via env_path_info\nunderflow in fpm_main.c (bsc#1154999).\n\nCVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class\nthat accepts filenames with embedded \\0 bytes (bsc#1159923).\n\nCVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub\n(bsc#1159924).\n\nCVE-2019-11047: Fixed an information disclosure in exif_read_data\n(bsc#1159922).\n\nCVE-2019-11050: Fixed a buffer over-read in the EXIF extension\n(bsc#1159927).\n\nCVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex\n(bsc#1162629).\n\nCVE-2020-7060: Fixed a global buffer-overflow in\nmbfl_filt_conv_big5_wchar (bsc#1162632).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11041/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11042/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11043/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11045/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11046/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11047/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11050/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7059/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7060/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200522-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e9a53cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-522=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2020-522=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-109.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-109.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:18:22", "description": "Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring.\n\nCVE-2019-19012\n\nAn integer overflow in the search_in_range function in regexec.c leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial of service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.\n\nCVE-2019-19204\n\nIn the function fetch_range_quantifier in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read and lead to denial of service via a crafted regular expression.\n\nCVE-2019-19246\n\nHeap-based buffer over-read in str_lower_case_match in regexec.c can lead to denial of service via a crafted regular expression.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 5.9.5-3.2+deb8u4.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-05T00:00:00", "type": "nessus", "title": "Debian DLA-2020-1 : libonig security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19012", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libonig-dev", "p-cpe:/a:debian:debian_linux:libonig2", "p-cpe:/a:debian:debian_linux:libonig2-dbg", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2020.NASL", "href": "https://www.tenable.com/plugins/nessus/131705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2020-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131705);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-19012\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n\n script_name(english:\"Debian DLA-2020-1 : libonig security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the Oniguruma regular\nexpressions library, notably used in PHP mbstring.\n\nCVE-2019-19012\n\nAn integer overflow in the search_in_range function in regexec.c leads\nto an out-of-bounds read, in which the offset of this read is under\nthe control of an attacker. (This only affects the 32-bit compiled\nversion). Remote attackers can cause a denial of service or\ninformation disclosure, or possibly have unspecified other impact, via\na crafted regular expression.\n\nCVE-2019-19204\n\nIn the function fetch_range_quantifier in regparse.c, PFETCH is called\nwithout checking PEND. This leads to a heap-based buffer over-read and\nlead to denial of service via a crafted regular expression.\n\nCVE-2019-19246\n\nHeap-based buffer over-read in str_lower_case_match in regexec.c can\nlead to denial of service via a crafted regular expression.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n5.9.5-3.2+deb8u4.\n\nWe recommend that you upgrade your libonig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libonig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libonig2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libonig-dev\", reference:\"5.9.5-3.2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2\", reference:\"5.9.5-3.2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libonig2-dbg\", reference:\"5.9.5-3.2+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:19:15", "description": "An update of the oniguruma package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-18T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Oniguruma PHSA-2020-3.0-0047", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19012", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2020-01-20T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:oniguruma", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0047_ONIGURUMA.NASL", "href": "https://www.tenable.com/plugins/nessus/133067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0047. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133067);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/20\");\n\n script_cve_id(\n \"CVE-2019-19012\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\"\n );\n\n script_name(english:\"Photon OS 3.0: Oniguruma PHSA-2020-3.0-0047\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the oniguruma package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-47.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"oniguruma-6.9\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"oniguruma-6.9.3-2.ph3\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-6.9\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"oniguruma-6.9.3-2.ph3\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-6.9\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"src\", reference:\"oniguruma-6.9.3-2.ph3.src\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-debuginfo-6.9\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"oniguruma-debuginfo-6.9.3-2.ph3\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-debuginfo-6.9\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"oniguruma-debuginfo-6.9.3-2.ph3\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-devel-6.9\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"oniguruma-devel-6.9.3-2.ph3\")) flag++;\nif (rpm_exists(rpm:\"oniguruma-devel-6.9\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"oniguruma-devel-6.9.3-2.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T12:37:43", "description": "6.9.4 final is released. This new version addresses CVE-2019-19246 (this one is already fixed in previous rpm), CVE-2019-19204 CVE-2019-19203 CVE-2019-19012.\n\n----\n\nUpdate to 6.9.4 rc3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "Fedora 31 : oniguruma (2019-d942abd0d4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19012", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:oniguruma", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-D942ABD0D4.NASL", "href": "https://www.tenable.com/plugins/nessus/131575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d942abd0d4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131575);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-19012\", \"CVE-2019-19203\", \"CVE-2019-19204\", \"CVE-2019-19246\");\n script_xref(name:\"FEDORA\", value:\"2019-d942abd0d4\");\n\n script_name(english:\"Fedora 31 : oniguruma (2019-d942abd0d4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"6.9.4 final is released. This new version addresses CVE-2019-19246\n(this one is already fixed in previous rpm), CVE-2019-19204\nCVE-2019-19203 CVE-2019-19012.\n\n----\n\nUpdate to 6.9.4 rc3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d942abd0d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected oniguruma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:oniguruma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"oniguruma-6.9.4-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"oniguruma\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T15:02:54", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : php:7.3 (CESA-2020:3662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:apcu-panel", "p-cpe:/a:centos:centos:libzip", "p-cpe:/a:centos:centos:libzip-devel", "p-cpe:/a:centos:centos:libzip-tools", "p-cpe:/a:centos:centos:php", "p-cpe:/a:centos:centos:php-bcmath", "p-cpe:/a:centos:centos:php-cli", "p-cpe:/a:centos:centos:php-common", "p-cpe:/a:centos:centos:php-dba", "p-cpe:/a:centos:centos:php-dbg", "p-cpe:/a:centos:centos:php-devel", "p-cpe:/a:centos:centos:php-embedded", "p-cpe:/a:centos:centos:php-enchant", "p-cpe:/a:centos:centos:php-fpm", "p-cpe:/a:centos:centos:php-gd", "p-cpe:/a:centos:centos:php-gmp", "p-cpe:/a:centos:centos:php-intl", "p-cpe:/a:centos:centos:php-json", "p-cpe:/a:centos:centos:php-ldap", "p-cpe:/a:centos:centos:php-mbstring", "p-cpe:/a:centos:centos:php-mysqlnd", "p-cpe:/a:centos:centos:php-odbc", "p-cpe:/a:centos:centos:php-opcache", "p-cpe:/a:centos:centos:php-pdo", "p-cpe:/a:centos:centos:php-pear", "p-cpe:/a:centos:centos:php-pecl-apcu", "p-cpe:/a:centos:centos:php-pecl-apcu-devel", "p-cpe:/a:centos:centos:php-pecl-rrd", "p-cpe:/a:centos:centos:php-pecl-xdebug", "p-cpe:/a:centos:centos:php-pecl-zip", "p-cpe:/a:centos:centos:php-pgsql", "p-cpe:/a:centos:centos:php-process", "p-cpe:/a:centos:centos:php-recode", "p-cpe:/a:centos:centos:php-snmp", "p-cpe:/a:centos:centos:php-soap", "p-cpe:/a:centos:centos:php-xml", "p-cpe:/a:centos:centos:php-xmlrpc"], "id": "CENTOS8_RHSA-2020-3662.NASL", "href": "https://www.tenable.com/plugins/nessus/145957", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:3662. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145957);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2019-11039\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11045\",\n \"CVE-2019-11047\",\n \"CVE-2019-11048\",\n \"CVE-2019-11050\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-20454\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\",\n \"CVE-2020-7062\",\n \"CVE-2020-7063\",\n \"CVE-2020-7064\",\n \"CVE-2020-7065\",\n \"CVE-2020-7066\"\n );\n script_bugtraq_id(108520, 108525);\n script_xref(name:\"RHSA\", value:\"2020:3662\");\n\n script_name(english:\"CentOS 8 : php:7.3 (CESA-2020:3662)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at\n that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c\n (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution\n (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3662\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-rrd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pecl-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/php');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\nif ('7.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);\n\nappstreams = {\n 'php:7.3': [\n {'reference':'apcu-panel-5.1.17-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apcu-panel-5.1.17-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / libzip-tools / php / php-bcmath / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T18:54:54", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3662 advisory.\n\n - Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. (CVE-2019-11039)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11041, CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.\n (CVE-2019-11047, CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. (CVE-2019-11048)\n\n - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13225)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.\n (CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string.\n This leads to a heap-based buffer over-read. (CVE-2019-19203)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. (CVE-2019-19246)\n\n - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. (CVE-2019-20454)\n\n - In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. (CVE-2020-7064)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)\n\n - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. (CVE-2019-13224)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. (CVE-2019-19204)\n\n - When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)\n\n - When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7060)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. (CVE-2020-7062)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. (CVE-2020-7063)\n\n - In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. (CVE-2020-7065)\n\n - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it.\n This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-10T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : php:7.3 (ELSA-2020-3662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:apcu-panel", "p-cpe:/a:oracle:linux:libzip", "p-cpe:/a:oracle:linux:libzip-devel", "p-cpe:/a:oracle:linux:libzip-tools", "p-cpe:/a:oracle:linux:php", "p-cpe:/a:oracle:linux:php-bcmath", "p-cpe:/a:oracle:linux:php-cli", "p-cpe:/a:oracle:linux:php-common", "p-cpe:/a:oracle:linux:php-dba", "p-cpe:/a:oracle:linux:php-dbg", "p-cpe:/a:oracle:linux:php-devel", "p-cpe:/a:oracle:linux:php-embedded", "p-cpe:/a:oracle:linux:php-enchant", "p-cpe:/a:oracle:linux:php-fpm", "p-cpe:/a:oracle:linux:php-gd", "p-cpe:/a:oracle:linux:php-gmp", "p-cpe:/a:oracle:linux:php-intl", "p-cpe:/a:oracle:linux:php-json", "p-cpe:/a:oracle:linux:php-ldap", "p-cpe:/a:oracle:linux:php-mbstring", "p-cpe:/a:oracle:linux:php-mysqlnd", "p-cpe:/a:oracle:linux:php-odbc", "p-cpe:/a:oracle:linux:php-opcache", "p-cpe:/a:oracle:linux:php-pdo", "p-cpe:/a:oracle:linux:php-pear", "p-cpe:/a:oracle:linux:php-pecl-apcu", "p-cpe:/a:oracle:linux:php-pecl-apcu-devel", "p-cpe:/a:oracle:linux:php-pecl-rrd", "p-cpe:/a:oracle:linux:php-pecl-xdebug", "p-cpe:/a:oracle:linux:php-pecl-zip", "p-cpe:/a:oracle:linux:php-pgsql", "p-cpe:/a:oracle:linux:php-process", "p-cpe:/a:oracle:linux:php-recode", "p-cpe:/a:oracle:linux:php-snmp", "p-cpe:/a:oracle:linux:php-soap", "p-cpe:/a:oracle:linux:php-xml", "p-cpe:/a:oracle:linux:php-xmlrpc"], "id": "ORACLELINUX_ELSA-2020-3662.NASL", "href": "https://www.tenable.com/plugins/nessus/140482", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-3662.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140482);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/11\");\n\n script_cve_id(\n \"CVE-2019-11039\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11045\",\n \"CVE-2019-11047\",\n \"CVE-2019-11048\",\n \"CVE-2019-11050\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-20454\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\",\n \"CVE-2020-7062\",\n \"CVE-2020-7063\",\n \"CVE-2020-7064\",\n \"CVE-2020-7065\",\n \"CVE-2020-7066\"\n );\n script_bugtraq_id(108520, 108525);\n\n script_name(english:\"Oracle Linux 8 : php:7.3 (ELSA-2020-3662)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3662 advisory.\n\n - Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x\n below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may\n lead to information disclosure or crash. (CVE-2019-11039)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with\n data what will cause it to read past the allocated buffer. This may lead to information disclosure or\n crash. (CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with\n data what will cause it to read past the allocated buffer. This may lead to information disclosure or\n crash. (CVE-2019-11041, CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what\n will cause it to read past the allocated buffer. This may lead to information disclosure or crash.\n (CVE-2019-11047, CVE-2019-11050)\n\n - In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are\n allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized\n memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files\n created by upload request. This potentially could lead to accumulation of uncleaned temporary files\n exhausting the disk space on the target server. (CVE-2019-11048)\n\n - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially\n cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as\n well as common optional libraries for PHP and Rust. (CVE-2019-13225)\n\n - Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.\n (CVE-2019-16163)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file\n gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string.\n This leads to a heap-based buffer over-read. (CVE-2019-19203)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c. (CVE-2019-19246)\n\n - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to\n match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may\n be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in\n do_extuni_no_utf in pcre2_jit_compile.c. (CVE-2019-20454)\n\n - In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with\n exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of\n uninitialized memory. This could potentially lead to information disclosure or crash. (CVE-2020-7064)\n\n - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts\n filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security\n vulnerabilities, e.g. in applications checking paths that the code is allowed to access. (CVE-2019-11045)\n\n - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause\n information disclosure, denial of service, or possibly code execution by providing a crafted regular\n expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that\n gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional\n libraries for PHP and Rust. (CVE-2019-13224)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This\n leads to a heap-based buffer over-read. (CVE-2019-19204)\n\n - When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x\n below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read\n past the allocated buffer. This may lead to information disclosure or crash. (CVE-2020-7059)\n\n - When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27,\n 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function\n mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or\n crash. (CVE-2020-7060)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload\n functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0\n (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist\n and encounter null pointer dereference, which would likely lead to a crash. (CVE-2020-7062)\n\n - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive\n using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all\n access) even if the original files on the filesystem were with more restrictive permissions. This may\n result in files having more lax permissions than intended when such archive is extracted. (CVE-2020-7063)\n\n - In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with\n UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could\n lead to memory corruption, crashes and potentially code execution. (CVE-2020-7065)\n\n - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers()\n with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it.\n This may cause some software to make incorrect assumptions about the target of the get_headers() and\n possibly send some information to a wrong server. (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-3662.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:apcu-panel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libzip-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-apcu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-apcu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-rrd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-xdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pecl-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/php');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\nif ('7.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);\n\nappstreams = {\n 'php:7.3': [\n {'reference':'apcu-panel-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-devel-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libzip-tools-1.5.2-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-bcmath-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-cli-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-common-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dba-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-dbg-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-devel-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-embedded-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-enchant-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-fpm-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-gmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-intl-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-json-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-ldap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mbstring-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-mysqlnd-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-odbc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-opcache-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pdo-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pear-1.10.9-1.module+el8.2.0+5569+98c8b30d', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'php-pecl-apcu-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-apcu-devel-5.1.17-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-rrd-2.0.1-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-xdebug-2.8.0-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module+el8.2.0+5569+98c8b30d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pecl-zip-1.15.4-1.module+el8.2.0+5569+98c8b30d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-pgsql-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-process-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-recode-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-snmp-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-soap-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xml-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'php-xmlrpc-7.3.20-1.module+el8.2.0+7784+4033621d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:7.3');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-25T18:55:22", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "RHEL 8 : php:7.3 (RHSA-2020:3662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11039", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11045", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11050", "CVE-2019-13224", "CVE-2019-13225", "CVE-2019-16163", "CVE-2019-19203", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-20454", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:apcu-panel", "p-cpe:/a:redhat:enterprise_linux:libzip", "p-cpe:/a:redhat:enterprise_linux:libzip-devel", "p-cpe:/a:redhat:enterprise_linux:libzip-tools", "p-cpe:/a:redhat:enterprise_linux:php", "p-cpe:/a:redhat:enterprise_linux:php-bcmath", "p-cpe:/a:redhat:enterprise_linux:php-cli", "p-cpe:/a:redhat:enterprise_linux:php-common", "p-cpe:/a:redhat:enterprise_linux:php-dba", "p-cpe:/a:redhat:enterprise_linux:php-dbg", "p-cpe:/a:redhat:enterprise_linux:php-devel", "p-cpe:/a:redhat:enterprise_linux:php-embedded", "p-cpe:/a:redhat:enterprise_linux:php-enchant", "p-cpe:/a:redhat:enterprise_linux:php-fpm", "p-cpe:/a:redhat:enterprise_linux:php-gd", "p-cpe:/a:redhat:enterprise_linux:php-gmp", "p-cpe:/a:redhat:enterprise_linux:php-intl", "p-cpe:/a:redhat:enterprise_linux:php-json", "p-cpe:/a:redhat:enterprise_linux:php-ldap", "p-cpe:/a:redhat:enterprise_linux:php-mbstring", "p-cpe:/a:redhat:enterprise_linux:php-mysqlnd", "p-cpe:/a:redhat:enterprise_linux:php-odbc", "p-cpe:/a:redhat:enterprise_linux:php-opcache", "p-cpe:/a:redhat:enterprise_linux:php-pdo", "p-cpe:/a:redhat:enterprise_linux:php-pear", "p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu", "p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel", "p-cpe:/a:redhat:enterprise_linux:php-pecl-rrd", "p-cpe:/a:redhat:enterprise_linux:php-pecl-xdebug", "p-cpe:/a:redhat:enterprise_linux:php-pecl-zip", "p-cpe:/a:redhat:enterprise_linux:php-pgsql", "p-cpe:/a:redhat:enterprise_linux:php-process", "p-cpe:/a:redhat:enterprise_linux:php-recode", "p-cpe:/a:redhat:enterprise_linux:php-snmp", "p-cpe:/a:redhat:enterprise_linux:php-soap", "p-cpe:/a:redhat:enterprise_linux:php-xml", "p-cpe:/a:redhat:enterprise_linux:php-xmlrpc"], "id": "REDHAT-RHSA-2020-3662.NASL", "href": "https://www.tenable.com/plugins/nessus/140396", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3662. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140396);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2019-11039\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11045\",\n \"CVE-2019-11047\",\n \"CVE-2019-11048\",\n \"CVE-2019-11050\",\n \"CVE-2019-13224\",\n \"CVE-2019-13225\",\n \"CVE-2019-16163\",\n \"CVE-2019-19203\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-20454\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\",\n \"CVE-2020-7062\",\n \"CVE-2020-7063\",\n \"CVE-2020-7064\",\n \"CVE-2020-7065\",\n \"CVE-2020-7066\"\n );\n script_bugtraq_id(108520, 108525);\n script_xref(name:\"RHSA\", value:\"2020:3662\");\n script_xref(name:\"IAVB\", value:\"2019-B-0045-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0437-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0070-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0006-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0221-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0039-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0081-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0117-S\");\n\n script_name(english:\"RHEL 8 : php:7.3 (RHSA-2020:3662)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3662 advisory.\n\n - php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n - php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n - php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n - php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n - php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at\n that byte (CVE-2019-11045)\n\n - php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n - php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n - php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n - oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n - oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n - oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n - oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n - oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c\n (CVE-2019-19204)\n\n - oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n - pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n - php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n - php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n - php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n - php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n - php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n - php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution\n (CVE-2020-7065)\n\n - php: Information disclosure in function get_headers (CVE-2020-7066)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/170.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/674.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1724152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1724154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1728970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1735494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1739459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1739465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1768997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1777537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1797776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1797779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802061\");\n script_set_attribute(attribute:\&quo