CentOS Update for php53 CESA-2011:0196 centos5 x86_64. PHP update includes patches for CVE-2010-4645, CVE-2010-3710, and CVE-2010-4156
Reporter | Title | Published | Views | Family All 180 |
---|---|---|---|---|
![]() | RHEL 5 : php53 (RHSA-2011:0196) | 4 Feb 201100:00 | – | nessus |
![]() | Scientific Linux Security Update : php53 on SL5.x i386/x86_64 | 1 Aug 201200:00 | – | nessus |
![]() | Oracle Linux 5 : php53 (ELSA-2011-0196) | 12 Jul 201300:00 | – | nessus |
![]() | CentOS 5 : php53 (CESA-2011:0196) | 15 Apr 201100:00 | – | nessus |
![]() | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : php5 vulnerabilities (USN-1042-1) | 12 Jan 201100:00 | – | nessus |
![]() | PHP 5.2 < 5.2.17 / 5.3 < 5.3.5 String To Double Conversion DoS | 7 Jan 201100:00 | – | nessus |
![]() | Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : php (SSA:2011-010-01) | 11 Jan 201100:00 | – | nessus |
![]() | F5 Networks BIG-IP : PHP vulnerability (SOL12650) | 10 Oct 201400:00 | – | nessus |
![]() | Fedora 13 : maniadrive-1.2-26.fc13.1 / maniadrive-data-1.2-5.fc13 / php-5.3.5-1.fc13 / etc (2011-0321) | 24 Jan 201100:00 | – | nessus |
![]() | Fedora 14 : maniadrive-1.2-26.fc14.1 / maniadrive-data-1.2-5.fc14 / php-5.3.5-1.fc14 / etc (2011-0329) | 24 Jan 201100:00 | – | nessus |
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for php53 CESA-2011:0196 centos5 x86_64
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way PHP converted certain floating point values
from string representation to a number. If a PHP script evaluated an
attacker's input in a numeric context, the PHP interpreter could cause high
CPU usage until the script execution time limit is reached. This issue only
affected i386 systems. (CVE-2010-4645)
A stack memory exhaustion flaw was found in the way the PHP filter_var()
function validated email addresses. An attacker could use this flaw to
crash the PHP interpreter by providing excessively long input to be
validated as an email address. (CVE-2010-3710)
A memory disclosure flaw was found in the PHP multi-byte string extension.
If the mb_strcut() function was called with a length argument exceeding the
input string size, the function could disclose a portion of the PHP
interpreter's memory. (CVE-2010-4156)
All php53 users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.";
tag_affected = "php53 on CentOS 5";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2011-April/017380.html");
script_id(881439);
script_version("$Revision: 8273 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $");
script_tag(name:"creation_date", value:"2012-07-30 17:52:14 +0530 (Mon, 30 Jul 2012)");
script_cve_id("CVE-2010-3710", "CVE-2010-4156", "CVE-2010-4645");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_xref(name: "CESA", value: "2011:0196");
script_name("CentOS Update for php53 CESA-2011:0196 centos5 x86_64");
script_tag(name: "summary" , value: "Check for the Version of php53");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"php53", rpm:"php53~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-bcmath", rpm:"php53-bcmath~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-cli", rpm:"php53-cli~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-common", rpm:"php53-common~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-dba", rpm:"php53-dba~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-devel", rpm:"php53-devel~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-gd", rpm:"php53-gd~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-imap", rpm:"php53-imap~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-intl", rpm:"php53-intl~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-ldap", rpm:"php53-ldap~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-mbstring", rpm:"php53-mbstring~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-mysql", rpm:"php53-mysql~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-odbc", rpm:"php53-odbc~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-pdo", rpm:"php53-pdo~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-pgsql", rpm:"php53-pgsql~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-process", rpm:"php53-process~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-pspell", rpm:"php53-pspell~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-snmp", rpm:"php53-snmp~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-soap", rpm:"php53-soap~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-xml", rpm:"php53-xml~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"php53-xmlrpc", rpm:"php53-xmlrpc~5.3.3~1.el5_6.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo