25 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-9137
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a...
SUSE: Security Advisory (SUSE-SU-2016:2975-1)
The remote host is missing an update for the...
SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2941-1) (httpoxy)
This update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize (bsc#1008029). Note that Tenable Network Security has extracted the preceding description blo...
Ubuntu: Security Advisory (USN-3211-2)
The remote host is missing an update for the...
Ubuntu 16.04 LTS : PHP regression (USN-3211-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3211-2 advisory. USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This...
USN-3211-2: PHP regression
USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. Original advisory details: It was discovered that PHP incorrectly handled certain...
Ubuntu 16.04 LTS : PHP vulnerabilities (USN-3211-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3211-1 advisory. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to...
Ubuntu: Security Advisory (USN-3211-1)
The remote host is missing an update for the...
USN-3211-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-7479 It was discovered that PHP incorrectly handled certain...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-3196-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3196-1 advisory. It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PH...
USN-3196-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-9912 It was discovered that PHP incorrectly handled...
CVE-2016-9137
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing...
CVE-2016-9137
CVE-2016-9137 is a Use-After-Free vulnerability in PHP’s CURLFile implementation (ext/curl/curl_file.c). The issue affects PHP before 5.6.27 and 7.x before 7.0.12, where crafted serialized data mishandled during __wakeup can lead to denial of service or possibly other impact. Connected sources co...
CVE-2016-9137
Removed by vendor...
UBUNTU-CVE-2016-9137
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing...
openSUSE Security Update : php5 (openSUSE-2016-1449)
This update for php5 fixes the following issues : - CVE-2016-9137: Use After Free in unserialize (bsc#1008029) - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC (bsc#986247) This update was imported from the SUSE:SLE-12:Update update project...
openSUSE Security Update : php7 (openSUSE-2016-1440) (httpoxy)
This update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize (bsc#1008029). This update was imported from the SUSE:SLE-12:Update update project...
SUSE SLED12 / SLES12 Security Update : php5 (SUSE-SU-2016:2975-1)
This update for php5 fixes the following issues : - CVE-2016-9137: Use After Free in unserialize (bsc#1008029) - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC (bsc#986247) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...
SUSE-SU-2016:2941-1 Security update for php7
This update for php7 fixes the following security issues: - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize (bsc#1008029)...
openSUSE Security Update : php5 (openSUSE-2016-1338)
This update for php5 fixes the following issues : - CVE-2016-9137: Fixed a use after free in unserialize in curl file deserialization (boo#1008029)...