{"id": "SECURITYVULNS:DOC:29607", "bulletinFamily": "software", "title": "[ MDVSA-2013:195 ] php", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:195\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : July 12, 2013\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in php:\r\n \r\n * Fixed PHP bug #65236 (heap corruption in xml parser) (CVE-2013-4113).\r\n \r\n The updated packages have been upgraded to the 5.3.27 version which\r\n is not vulnerable to this issue.\r\n \r\n The php-timezonedb package has been updated to the 2013.4 version.\r\n \r\n Additionally, some packages which requires so has been rebuilt for\r\n php-5.3.27.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113\r\n http://www.php.net/ChangeLog-5.php#5.3.27\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n b600e684742020a5f0cc6cab7712a5a2 mes5/i586/apache-mod_php-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 8c6d7ecbcd19741d6f359ace12986dc0 mes5/i586/libphp5_common5-5.3.27-0.1mdvmes5.2.i586.rpm\r\n caccd5c4e63ec27c2f87a8dd6483b771 mes5/i586/php-apc-3.1.13-0.5mdvmes5.2.i586.rpm\r\n 1ce4a19b3f4156c1bc6ae6486cb409ed mes5/i586/php-apc-admin-3.1.13-0.5mdvmes5.2.i586.rpm\r\n d0ee0ab323ba74bb4838bfd773fa4170 mes5/i586/php-bcmath-5.3.27-0.1mdvmes5.2.i586.rpm\r\n ba2b58c17989f7e14baec639d1a5f5e0 mes5/i586/php-bz2-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 14429e2eefef79177a9965d436843644 mes5/i586/php-calendar-5.3.27-0.1mdvmes5.2.i586.rpm\r\n d983c7e358d07b8d278f6482144b84dc mes5/i586/php-cgi-5.3.27-0.1mdvmes5.2.i586.rpm\r\n d0f9b4981112bfa8429b8d512953ec36 mes5/i586/php-cli-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 067421d3601521fc88e0e5ea81905749 mes5/i586/php-ctype-5.3.27-0.1mdvmes5.2.i586.rpm\r\n fbc030238f172de2816079683fa2d403 mes5/i586/php-curl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n a40b2b3198f2c3a7533fc293f6b3c1c5 mes5/i586/php-dba-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 1703ce9efd667a253e8dc5bcac40e479 mes5/i586/php-devel-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 328111ececd3f9c80c2b0fe1717bdb50 mes5/i586/php-doc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 53835cfb06f14655b2dbbd8b72907b20 mes5/i586/php-dom-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 62aafcf0c1bcdf58567b341365957039 mes5/i586/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.i586.rpm\r\n c61d2f2752af5056852b067c8b0b6ebd mes5/i586/php-eaccelerator-admin-0.9.6.1-0.11mdvmes5.2.i586.rpm\r\n ef4af2387b2520b65087d884d0c12374 mes5/i586/php-enchant-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 4b9f60ba95d7ab43207ad9119dfa50a4 mes5/i586/php-exif-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 9102ecabb9ea1f45f63b373cbffff339 mes5/i586/php-fileinfo-5.3.27-0.1mdvmes5.2.i586.rpm\r\n eb8f5b55a16a394c34fe77f6e401a518 mes5/i586/php-filter-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 52531ad0e8663500c7d1c220dabae52e mes5/i586/php-fpm-5.3.27-0.1mdvmes5.2.i586.rpm\r\n b6e720e32592416025d40a0d17232467 mes5/i586/php-ftp-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 6fd1398953fd88149f95aca44641749f mes5/i586/php-gd-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 47ff6b25c0c4867fb1c1493d0951150e mes5/i586/php-gd-bundled-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 38cce97a1a62fbd14b189f2d2aaace42 mes5/i586/php-gettext-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 7fa398db7247a32cff766fb4f9aca846 mes5/i586/php-gmp-5.3.27-0.1mdvmes5.2.i586.rpm\r\n abab206fc2c06ced553af47fe2149953 mes5/i586/php-hash-5.3.27-0.1mdvmes5.2.i586.rpm\r\n e9bd5f23725646e59493fcb883ba5402 mes5/i586/php-iconv-5.3.27-0.1mdvmes5.2.i586.rpm\r\n ccbe8aa26af20a2ec8da04fc7ea271cb mes5/i586/php-imap-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 0c06723e63d034f864cc5163292a1ae0 mes5/i586/php-ini-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 6444a4e3da67e4a3402b12e50da96dc4 mes5/i586/php-intl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n feefc0cd26fe0600c438a83963ebe419 mes5/i586/php-json-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 5e5f91e47deccf2c3ca41986c44f92a6 mes5/i586/php-ldap-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 59e192ad5a76e9e10252fed81cb24b2d mes5/i586/php-mbstring-5.3.27-0.1mdvmes5.2.i586.rpm\r\n c1af9e1ae6f4abda2ef0669eb983c6af mes5/i586/php-mcrypt-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 71e8b3bc20551353f4a5e7b74761e4ba mes5/i586/php-mssql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 63ec2927731362b746f6f77862df65e3 mes5/i586/php-mysql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 759104a8ca48a4038a7668463fdd41df mes5/i586/php-mysqli-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 3e5db916e46171670a9ebef7ce3816fc mes5/i586/php-mysqlnd-5.3.27-0.1mdvmes5.2.i586.rpm\r\n b2f820e7aa3c18207a28af06f9004ed2 mes5/i586/php-odbc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 960ff9eb39fe8bc5161b8f2e4fa1ce84 mes5/i586/php-openssl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 103fc11df349005ece33662e9e27acf7 mes5/i586/php-pcntl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 6f5bacb6664fe0e738090b6f2996a2fc mes5/i586/php-pdo-5.3.27-0.1mdvmes5.2.i586.rpm\r\n e732b3aa9d6854c6849fee5516d938c7 mes5/i586/php-pdo_dblib-5.3.27-0.1mdvmes5.2.i586.rpm\r\n fc3b4deb2c2078273ef859428d1503a1 mes5/i586/php-pdo_mysql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 28e1e726970c77f4e66cb5b45b09541d mes5/i586/php-pdo_odbc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 32ec3bda3969144317440a1a6b77e030 mes5/i586/php-pdo_pgsql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n df32f13a121ec66e19572b9a0fc7a480 mes5/i586/php-pdo_sqlite-5.3.27-0.1mdvmes5.2.i586.rpm\r\n d3631c517f25c700c785aa8e2a7772d4 mes5/i586/php-pgsql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n c554116a669ad3f49ebc1a65f32367d1 mes5/i586/php-phar-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 1f104f05e6d942c842b367994d46a787 mes5/i586/php-posix-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 7f0a6127b179d2454eaeb5bb21d97200 mes5/i586/php-pspell-5.3.27-0.1mdvmes5.2.i586.rpm\r\n e9300f16888d9e25056ad47777cf381e mes5/i586/php-readline-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 3f36ddacfd7d659d2aa33c0651f5cd21 mes5/i586/php-recode-5.3.27-0.1mdvmes5.2.i586.rpm\r\n b7da38add3614d2f9ab4f875ef0cc92e mes5/i586/php-session-5.3.27-0.1mdvmes5.2.i586.rpm\r\n da8502c5aa2059e9c67595e5c2cfb027 mes5/i586/php-shmop-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 48ee235ff289babd4237b4c8cbbed0bf mes5/i586/php-snmp-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 0e70969ff3822af88143605096f81f16 mes5/i586/php-soap-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 5bedf2e45a5aebc47e03fd0050772a44 mes5/i586/php-sockets-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 04ab937a9b54dac8ee40414a2083a557 mes5/i586/php-sqlite3-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 1ba0398ca0de676080d6c1916705af87 mes5/i586/php-sqlite-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 2b0d16304ab6e3d60b5d7362a41228f6 mes5/i586/php-sybase_ct-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 9d0b16128381f8e0762ca4a260b16a0e mes5/i586/php-sysvmsg-5.3.27-0.1mdvmes5.2.i586.rpm\r\n b5df67f50fc9fc74070aca9543602852 mes5/i586/php-sysvsem-5.3.27-0.1mdvmes5.2.i586.rpm\r\n ac08e143a7a75e1c737e2a3b57864ee1 mes5/i586/php-sysvshm-5.3.27-0.1mdvmes5.2.i586.rpm\r\n eb816dafc55f1b9c4d70879636657212 mes5/i586/php-tidy-5.3.27-0.1mdvmes5.2.i586.rpm\r\n bff6ecb2de2ac2aa60ba3329251f7280 mes5/i586/php-timezonedb-2013.4-0.1mdvmes5.2.i586.rpm\r\n 14844090039d558385d5cd9dfdf36589 mes5/i586/php-tokenizer-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 87024bf11e2e4473d42f1e274046f816 mes5/i586/php-wddx-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 7e8754ee3e3906813887ba1f84a2a98b mes5/i586/php-xml-5.3.27-0.1mdvmes5.2.i586.rpm\r\n ea2fdf9cb085077224b5319d0887e558 mes5/i586/php-xmlreader-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 768d97bf64f3e2848887ba2c1fec3251 mes5/i586/php-xmlrpc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 3225c44d75e38d711eec50561a7a7869 mes5/i586/php-xmlwriter-5.3.27-0.1mdvmes5.2.i586.rpm\r\n 144efbd1b0ef25659d4a69905f519383 mes5/i586/php-xsl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n b93630598591194aa354f2aa13fe46d7 mes5/i586/php-zip-5.3.27-0.1mdvmes5.2.i586.rpm\r\n bf87de194976fad9dc10c3e7f1329185 mes5/i586/php-zlib-5.3.27-0.1mdvmes5.2.i586.rpm \r\n d08fda590c90745c3ca71b69201c518a mes5/SRPMS/apache-mod_php-5.3.27-0.1mdvmes5.2.src.rpm\r\n ae4f59b9c68278aab05d6feb4cf415bd mes5/SRPMS/php-5.3.27-0.1mdvmes5.2.src.rpm\r\n b9dc4f62d7dd3fdc8015691e67c105cc mes5/SRPMS/php-apc-3.1.13-0.5mdvmes5.2.src.rpm\r\n daed87613430472165c67aba22983146 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.src.rpm\r\n f9ebbe9594224c4b0f2ce61fd51a2339 mes5/SRPMS/php-gd-bundled-5.3.27-0.1mdvmes5.2.src.rpm\r\n 0697671664727040ae04fec03a8113d5 mes5/SRPMS/php-ini-5.3.27-0.1mdvmes5.2.src.rpm\r\n a16687b0b02d5243b067f2909a855602 mes5/SRPMS/php-timezonedb-2013.4-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 697652ce5918260b7378df8b8482bff2 mes5/x86_64/apache-mod_php-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 3fc3606f447194ef2ba1b4259e36d0f6 mes5/x86_64/lib64php5_common5-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 48056fef628214a55f00429acf6cf57e mes5/x86_64/php-apc-3.1.13-0.5mdvmes5.2.x86_64.rpm\r\n b6aee3e2d91134e972b9241e2e3ea64e mes5/x86_64/php-apc-admin-3.1.13-0.5mdvmes5.2.x86_64.rpm\r\n 666544a4538ec1b982666f50811a0136 mes5/x86_64/php-bcmath-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 93599d706c12066a27a54c8608af2387 mes5/x86_64/php-bz2-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n e88fe0a8ca5a42802659ef7f569f760f mes5/x86_64/php-calendar-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 7dbcd3f76a098c4de27d8284e18ecdbc mes5/x86_64/php-cgi-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 9c71abf547143b6b5e2704bbb16f73d0 mes5/x86_64/php-cli-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 91c4e393df688f98e1de7e5b1bfe560d mes5/x86_64/php-ctype-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n cb9e867e7fec83bac5486ea678bc7c16 mes5/x86_64/php-curl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 3d66605bfc5689c0e83012b96a91fc14 mes5/x86_64/php-dba-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n c06f8bfb3dfa5d1ce9b675387dc11e05 mes5/x86_64/php-devel-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 9fbdc6dfd9dcb116844ef63f3053d4a9 mes5/x86_64/php-doc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 5470fea5b29256f6c829b0b01c9ac420 mes5/x86_64/php-dom-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 1670037fc2340c45f311cbb891ff4dfc mes5/x86_64/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.x86_64.rpm\r\n ab571707cc7c9e26f565aeb7da7745d5 mes5/x86_64/php-eaccelerator-admin-0.9.6.1-0.11mdvmes5.2.x86_64.rpm\r\n 0f59ff9136986fc414819c21cedb7007 mes5/x86_64/php-enchant-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n ce7b1d192b60a4032ff82f2e2e93ef4c mes5/x86_64/php-exif-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n a40130ea8d6a36734413bfa6e838872d mes5/x86_64/php-fileinfo-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n f65574d3e8aa542fe7c9ff3e4ac569b0 mes5/x86_64/php-filter-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 995999b94dab7b18a1bef6ea5bef9f39 mes5/x86_64/php-fpm-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n d30963d3e6134bedcfcac76fa7343185 mes5/x86_64/php-ftp-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 509916771185806789eb025d468a7d71 mes5/x86_64/php-gd-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 415b37c623470f7c4366db274576e75c mes5/x86_64/php-gd-bundled-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n cc781b167f3d0906c3cda108cc0407ae mes5/x86_64/php-gettext-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n f9df366797b10c1d6fdf1c3af817c30e mes5/x86_64/php-gmp-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 1b0b3563a53baa863cf6b5a5d6e13d1c mes5/x86_64/php-hash-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n c71eb40d1146909d58e5f0b2e33e4d8e mes5/x86_64/php-iconv-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 006d1f73612feed62212fead46eee8fc mes5/x86_64/php-imap-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 8c184369d48e5bcf41a8dc31bafc4418 mes5/x86_64/php-ini-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 5596056a590e379b5f2f4b51cb10ce6d mes5/x86_64/php-intl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n c2aafdaff2fd18eee13a74e804e09bae mes5/x86_64/php-json-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n fae3288db05a5ce483ca020b7e7d7671 mes5/x86_64/php-ldap-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 69229acb275f26ec2da065bd9b4089df mes5/x86_64/php-mbstring-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n b22d494e7bab4b24ef4be1c9d5136703 mes5/x86_64/php-mcrypt-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 535a16d222c5ecdb0990557b33ff8380 mes5/x86_64/php-mssql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 4cce578bc708ea4d8e5e7cf5bfdca0c9 mes5/x86_64/php-mysql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n ec662ea6a9419f1390ddfbeec6d1a37b mes5/x86_64/php-mysqli-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 784be9eb1c06b9766385b047b58adb15 mes5/x86_64/php-mysqlnd-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n ce372affbb05b36a23ac17fd24f1ac42 mes5/x86_64/php-odbc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 87fffde5f2c743377a1dec3952b79ce1 mes5/x86_64/php-openssl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 8a14e360ebf63bbf490f11938a6523dc mes5/x86_64/php-pcntl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n b8941452373a37c68dd777484807b4bf mes5/x86_64/php-pdo-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n d132bd6f57b59f9849f5bfd2ddb93a3e mes5/x86_64/php-pdo_dblib-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 1401b237e7bec4b28a7f2153299f1cb3 mes5/x86_64/php-pdo_mysql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n f68e51f8eeac99522239069669424aee mes5/x86_64/php-pdo_odbc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 8f765068b9674ca30282f439adf8b1d2 mes5/x86_64/php-pdo_pgsql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 8af4084f8870f5deff2e345a0f8c7e96 mes5/x86_64/php-pdo_sqlite-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n bcfab232435d988262d1a1bb8cc89a91 mes5/x86_64/php-pgsql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n adc36613e02265647003e3044283d4fe mes5/x86_64/php-phar-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n e1ee3680ab8b95c5fd646a7edfdf97bd mes5/x86_64/php-posix-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 47079d61843785c7c973e3b2e4f4725a mes5/x86_64/php-pspell-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 564b47e3616fe90b94e9afb630ec2fe5 mes5/x86_64/php-readline-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 477d940a270f86f649ab34c960661fc9 mes5/x86_64/php-recode-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 9677b11bcb656af5a185e1cd75d20521 mes5/x86_64/php-session-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 6b0d45503490fd814060a5b55ea69038 mes5/x86_64/php-shmop-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n a2bd55690c91daa015ea3ce9d45bdcd4 mes5/x86_64/php-snmp-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 7bcfec32d1d9471654808afa80c0c767 mes5/x86_64/php-soap-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 8e24f934ef6d0266b5aa92b63040e66f mes5/x86_64/php-sockets-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 94e4d2fae52970ab956df1924372854f mes5/x86_64/php-sqlite3-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 5ea986f7f7ba4a1f9f32dfc0ce4f38ca mes5/x86_64/php-sqlite-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n fbb32aa8ae6c7c673fd0c05b6e4a6a9b mes5/x86_64/php-sybase_ct-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 41cb6d9f75472ed60058900de55f1e78 mes5/x86_64/php-sysvmsg-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n c61615d1c9581dd4cd014def61f3b58f mes5/x86_64/php-sysvsem-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 4ad4cddd865dc5c78651ad8dc454c5dd mes5/x86_64/php-sysvshm-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 55740724562bc1f2b50130a39909438e mes5/x86_64/php-tidy-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 52593e8b36091e0d2860580b279d353a mes5/x86_64/php-timezonedb-2013.4-0.1mdvmes5.2.x86_64.rpm\r\n 89a49d756d8291e973872e686e8978bb mes5/x86_64/php-tokenizer-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n e14dc6aede31c58cbf30aa2f8f478ee7 mes5/x86_64/php-wddx-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n d2a993124b89a1c5a1d973d68c1c51aa mes5/x86_64/php-xml-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 5bb9ceebe3b9f0ddaeced6965f0d2dd1 mes5/x86_64/php-xmlreader-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 21a0a586c9fe202b30f24cc493ff011f mes5/x86_64/php-xmlrpc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n e57dd6a325b3392c18aa80cf6e582e0f mes5/x86_64/php-xmlwriter-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 18f37d16bc5323615b76a3251c9b488b mes5/x86_64/php-xsl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n d023e553394edfc258a73b867bd63e7f mes5/x86_64/php-zip-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n 2b1053f0b88c99de4d8dbb62d144ab57 mes5/x86_64/php-zlib-5.3.27-0.1mdvmes5.2.x86_64.rpm \r\n d08fda590c90745c3ca71b69201c518a mes5/SRPMS/apache-mod_php-5.3.27-0.1mdvmes5.2.src.rpm\r\n ae4f59b9c68278aab05d6feb4cf415bd mes5/SRPMS/php-5.3.27-0.1mdvmes5.2.src.rpm\r\n b9dc4f62d7dd3fdc8015691e67c105cc mes5/SRPMS/php-apc-3.1.13-0.5mdvmes5.2.src.rpm\r\n daed87613430472165c67aba22983146 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.src.rpm\r\n f9ebbe9594224c4b0f2ce61fd51a2339 mes5/SRPMS/php-gd-bundled-5.3.27-0.1mdvmes5.2.src.rpm\r\n 0697671664727040ae04fec03a8113d5 mes5/SRPMS/php-ini-5.3.27-0.1mdvmes5.2.src.rpm\r\n a16687b0b02d5243b067f2909a855602 mes5/SRPMS/php-timezonedb-2013.4-0.1mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 75bded5ac83308a827431394dd64c8d0 mbs1/x86_64/apache-mod_php-5.3.27-1.mbs1.x86_64.rpm\r\n c41c25303d1b93e21a156f4e47b28873 mbs1/x86_64/lib64php5_common5-5.3.27-1.mbs1.x86_64.rpm\r\n c16b2ea8fd23f41f3a77988be5db4cfa mbs1/x86_64/php-apc-3.1.13-3.3.mbs1.x86_64.rpm\r\n 1cf130896be8a195da27906e621a7e1a mbs1/x86_64/php-apc-admin-3.1.13-3.3.mbs1.x86_64.rpm\r\n 0c1c0fd2bab96cff73cc31c20dddb566 mbs1/x86_64/php-bcmath-5.3.27-1.mbs1.x86_64.rpm\r\n 9f81a37218a0d51d4359935dc00d075b mbs1/x86_64/php-bz2-5.3.27-1.mbs1.x86_64.rpm\r\n 5aca27a4f143088ac65c0aa708bb12d7 mbs1/x86_64/php-calendar-5.3.27-1.mbs1.x86_64.rpm\r\n 982aeda31a4791b28cd447e0ed38f3f7 mbs1/x86_64/php-cgi-5.3.27-1.mbs1.x86_64.rpm\r\n a6a13ad22525a91c1f31e320179b970a mbs1/x86_64/php-cli-5.3.27-1.mbs1.x86_64.rpm\r\n b315cf43b025854920ad039bf8827b17 mbs1/x86_64/php-ctype-5.3.27-1.mbs1.x86_64.rpm\r\n 32431e64013954c0d382823e2d271625 mbs1/x86_64/php-curl-5.3.27-1.mbs1.x86_64.rpm\r\n f9286e7daded5ed106846cdbfecfde18 mbs1/x86_64/php-dba-5.3.27-1.mbs1.x86_64.rpm\r\n 1bfb7407b5ec95ac1e1db862a09d5d7b mbs1/x86_64/php-devel-5.3.27-1.mbs1.x86_64.rpm\r\n e2f6e68ebdcdb69feb726f832e32fb50 mbs1/x86_64/php-dom-5.3.27-1.mbs1.x86_64.rpm\r\n af5180f668d903526a721d16d12776d2 mbs1/x86_64/php-eaccelerator-0.9.6.1-12.3.mbs1.x86_64.rpm\r\n 041c7ec1161cab5a778f02774b8c8c1c mbs1/x86_64/php-eaccelerator-admin-0.9.6.1-12.3.mbs1.x86_64.rpm\r\n 12ee61fa0738858356407582c6e545d2 mbs1/x86_64/php-enchant-5.3.27-1.mbs1.x86_64.rpm\r\n 82eb8960a60882e14dd41ff4ecd2aa01 mbs1/x86_64/php-exif-5.3.27-1.mbs1.x86_64.rpm\r\n 8953cbdb4bf0ba9080640dc9f10fc97a mbs1/x86_64/php-fileinfo-5.3.27-1.mbs1.x86_64.rpm\r\n fb44ad3198977723a8500620ff5c1bcd mbs1/x86_64/php-filter-5.3.27-1.mbs1.x86_64.rpm\r\n a14d23167018924494bc69b28bf1f709 mbs1/x86_64/php-fpm-5.3.27-1.mbs1.x86_64.rpm\r\n 88aa5854c0b5fd14d3e75e8efc1b4b88 mbs1/x86_64/php-ftp-5.3.27-1.mbs1.x86_64.rpm\r\n 6ffe367315d4485a7890c107ca3047d4 mbs1/x86_64/php-gd-5.3.27-1.mbs1.x86_64.rpm\r\n dc6ae8bd0ceda7e5dce0b4f1ba74b006 mbs1/x86_64/php-gd-bundled-5.3.27-1.mbs1.x86_64.rpm\r\n af84517e4d0f4538d92fd92cad557098 mbs1/x86_64/php-gettext-5.3.27-1.mbs1.x86_64.rpm\r\n d505df5be8a4ef178ae2a2d5af894be0 mbs1/x86_64/php-gmp-5.3.27-1.mbs1.x86_64.rpm\r\n 2710fb6798654bf0ad310b11b96a3a95 mbs1/x86_64/php-hash-5.3.27-1.mbs1.x86_64.rpm\r\n 4ab8bac931dbfcf2f392e1ade55ef247 mbs1/x86_64/php-iconv-5.3.27-1.mbs1.x86_64.rpm\r\n eee7240c90d86f78ee2cb92e744665fa mbs1/x86_64/php-imap-5.3.27-1.mbs1.x86_64.rpm\r\n f7ecce834029092845da3bfd2ba3fa9e mbs1/x86_64/php-ini-5.3.27-1.mbs1.x86_64.rpm\r\n a3d35dc7aa6505c2e5bba2f9050a8c9f mbs1/x86_64/php-intl-5.3.27-1.mbs1.x86_64.rpm\r\n ae0e54ac3ced67a3f9bb7de5015da501 mbs1/x86_64/php-json-5.3.27-1.mbs1.x86_64.rpm\r\n b711e2526bb9fa1f22249c733a4b4345 mbs1/x86_64/php-ldap-5.3.27-1.mbs1.x86_64.rpm\r\n ea652f11230b70b28cd1e911bc5d941a mbs1/x86_64/php-mbstring-5.3.27-1.mbs1.x86_64.rpm\r\n c3cc881a9e18a3bb16b8b8bf6f6f4e01 mbs1/x86_64/php-mcrypt-5.3.27-1.mbs1.x86_64.rpm\r\n 63be023f5badcebbec008461fd4446ae mbs1/x86_64/php-mssql-5.3.27-1.mbs1.x86_64.rpm\r\n 6983e5e43ed797e9ec9d89935b91b90a mbs1/x86_64/php-mysql-5.3.27-1.mbs1.x86_64.rpm\r\n d0eafd4b4bcc8a43dbbcd45ff6c6ca27 mbs1/x86_64/php-mysqli-5.3.27-1.mbs1.x86_64.rpm\r\n 08267b8cdfd618227978f97f1a0edb66 mbs1/x86_64/php-mysqlnd-5.3.27-1.mbs1.x86_64.rpm\r\n abc826a5af1d8fa7413a7300d64e8f59 mbs1/x86_64/php-odbc-5.3.27-1.mbs1.x86_64.rpm\r\n 9795c0b61e54b67f4b4c12cabaed76df mbs1/x86_64/php-openssl-5.3.27-1.mbs1.x86_64.rpm\r\n 60952041bf3e49017b7ea6ab582bfc32 mbs1/x86_64/php-pcntl-5.3.27-1.mbs1.x86_64.rpm\r\n 7dd080abe4e3c3d2657ad28fb8fa4c3c mbs1/x86_64/php-pdo-5.3.27-1.mbs1.x86_64.rpm\r\n e6f6be01cee9715b2552e3516ee459bd mbs1/x86_64/php-pdo_dblib-5.3.27-1.mbs1.x86_64.rpm\r\n 49dbe30755542f9a1cfea4d8fa325677 mbs1/x86_64/php-pdo_mysql-5.3.27-1.mbs1.x86_64.rpm\r\n 92442e9680adf9cf2efb6834e8cdc5fb mbs1/x86_64/php-pdo_odbc-5.3.27-1.mbs1.x86_64.rpm\r\n bbe73415c9b4ac708e677e1f3249f89b mbs1/x86_64/php-pdo_pgsql-5.3.27-1.mbs1.x86_64.rpm\r\n 6f34525b1d845465b9bd06a75a842d29 mbs1/x86_64/php-pdo_sqlite-5.3.27-1.mbs1.x86_64.rpm\r\n e58eba345e8f6b66102ce87d70849ca8 mbs1/x86_64/php-pgsql-5.3.27-1.mbs1.x86_64.rpm\r\n e6ef2a6112dd7b3ea83c7c5c9ef673d1 mbs1/x86_64/php-phar-5.3.27-1.mbs1.x86_64.rpm\r\n 736ded804ae4848de712549369745fd3 mbs1/x86_64/php-posix-5.3.27-1.mbs1.x86_64.rpm\r\n baeae8e69db5e024a013679d5b041139 mbs1/x86_64/php-readline-5.3.27-1.mbs1.x86_64.rpm\r\n 8dcee05da13e9061bcf2b0547a822e2a mbs1/x86_64/php-recode-5.3.27-1.mbs1.x86_64.rpm\r\n dfc2e837d0a3d4e5e4ea906e579b2c1c mbs1/x86_64/php-session-5.3.27-1.mbs1.x86_64.rpm\r\n 674b49477fcbcd8d351d535e164c0e99 mbs1/x86_64/php-shmop-5.3.27-1.mbs1.x86_64.rpm\r\n c7d5e9a614411c46a20958606f0473b0 mbs1/x86_64/php-snmp-5.3.27-1.mbs1.x86_64.rpm\r\n 95e1afd7a594cf02957a233d41dd1401 mbs1/x86_64/php-soap-5.3.27-1.mbs1.x86_64.rpm\r\n d10f6561da044328cb4f1da28da4203b mbs1/x86_64/php-sockets-5.3.27-1.mbs1.x86_64.rpm\r\n f2d3e41ec14793317286825771f761fb mbs1/x86_64/php-sqlite3-5.3.27-1.mbs1.x86_64.rpm\r\n d474906044d4e273da43199222fe32b5 mbs1/x86_64/php-sqlite-5.3.27-1.mbs1.x86_64.rpm\r\n e02c225c25fcb10087e25979ee4aa8a9 mbs1/x86_64/php-sybase_ct-5.3.27-1.mbs1.x86_64.rpm\r\n 88555ab9bcabe068b9e5a5cd01a63fb2 mbs1/x86_64/php-sysvmsg-5.3.27-1.mbs1.x86_64.rpm\r\n db744fd1790ce682f1915164bb6c46d1 mbs1/x86_64/php-sysvsem-5.3.27-1.mbs1.x86_64.rpm\r\n 9df56cd887104cf39c494a85c62fe624 mbs1/x86_64/php-sysvshm-5.3.27-1.mbs1.x86_64.rpm\r\n 959b348fa48ef1bd24349f6d8474b07c mbs1/x86_64/php-tidy-5.3.27-1.mbs1.x86_64.rpm\r\n 905448075a8b0ddb1edaeb76a515adbd mbs1/x86_64/php-timezonedb-2013.4-1.mbs1.x86_64.rpm\r\n e5a471f627585d375fc7c45bb877abbf mbs1/x86_64/php-tokenizer-5.3.27-1.mbs1.x86_64.rpm\r\n 9055271ad0b2afadcea3413ee0846094 mbs1/x86_64/php-wddx-5.3.27-1.mbs1.x86_64.rpm\r\n 241644927b57c8b20a892f9a7dd5ae5d mbs1/x86_64/php-xml-5.3.27-1.mbs1.x86_64.rpm\r\n c2e9a295fb3f64fab8ceebad762d6edb mbs1/x86_64/php-xmlreader-5.3.27-1.mbs1.x86_64.rpm\r\n 3af470f0a84da1e7c73bd00aad7e8fde mbs1/x86_64/php-xmlrpc-5.3.27-1.mbs1.x86_64.rpm\r\n c13ebdfd28e43bec659ec2bf679b9052 mbs1/x86_64/php-xmlwriter-5.3.27-1.mbs1.x86_64.rpm\r\n fe6f8ac37c04f89610f017dc782f6010 mbs1/x86_64/php-xsl-5.3.27-1.mbs1.x86_64.rpm\r\n 0302a68701a09d9735428cd8486e4d8f mbs1/x86_64/php-zip-5.3.27-1.mbs1.x86_64.rpm\r\n 0ab9dd41b6501fb391b7d91c7e7b1510 mbs1/x86_64/php-zlib-5.3.27-1.mbs1.x86_64.rpm \r\n b46f013c57009fa568a305be1f254a3d mbs1/SRPMS/php-5.3.27-1.mbs1.src.rpm\r\n ed7390405d9a166f9e36644e90a3c1b0 mbs1/SRPMS/php-apc-3.1.13-3.3.mbs1.src.rpm\r\n e3bfe4bd08682f6bb4b93944bc8fabac mbs1/SRPMS/php-eaccelerator-0.9.6.1-12.3.mbs1.src.rpm\r\n 76f25df1bea03d76a89f29606f495fec mbs1/SRPMS/php-gd-bundled-5.3.27-1.mbs1.src.rpm\r\n b6a9e14cace26e625c90019700602ae5 mbs1/SRPMS/php-timezonedb-2013.4-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFR4BdymqjQ0CJFipgRAq00AKCAYyUzDi7egJaYvZqvg4RtMn4WRwCfc5wk\r\nWVEnjcFUYPlgs5O07pow2iY=\r\n=aZL0\r\n-----END PGP SIGNATURE-----\r\n\r\n", "published": "2013-07-15T00:00:00", "modified": "2013-07-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29607", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2013-4113"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:48", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "bbe4617658591db5430cfca9d7e4755d"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "f64aa750df370215e1b429e5b4dac038"}, {"key": "href", "hash": "3ea708ceb7ebc9d273daca47d995b8f7"}, {"key": "modified", "hash": "c744c6d15c5ed33c64888ee18ab3c93d"}, {"key": "published", "hash": "c744c6d15c5ed33c64888ee18ab3c93d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "02935da954827b8b0112a36a1b148e1b"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "cc50c93e3749c9faf71d06efbd28173a2b614172f15485a68028227486f67374", "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:10:48"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4113"]}, {"type": "f5", "idList": ["SOL15169"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2723.NASL", "ALA_ALAS-2013-211.NASL", "SL_20130712_PHP_ON_SL5_X.NASL", "F5_BIGIP_SOL15169.NASL", "ORACLELINUX_ELSA-2013-1050.NASL", "PHP_5_3_27.NASL", "REDHAT-RHSA-2013-1050.NASL", "ORACLELINUX_ELSA-2013-1049.NASL", "PHP_5_5_1.NASL", "REDHAT-RHSA-2013-1062.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310866493", "OPENVAS:1361412562310881764", "OPENVAS:1361412562310871018", "OPENVAS:871018", "OPENVAS:1361412562310123599", "OPENVAS:1361412562310123598", "OPENVAS:1361412562310881765", "OPENVAS:1361412562310120437", "OPENVAS:881766", "OPENVAS:1361412562310803729"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1049", "ELSA-2013-1063", "ELSA-2013-1050", "ELSA-2013-1307"]}, {"type": "redhat", "idList": ["RHSA-2013:1050", "RHSA-2013:1063", "RHSA-2013:1049", "RHSA-2013:1062", "RHSA-2013:1061"]}, {"type": "centos", "idList": ["CESA-2013:1050", "CESA-2013:1049"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2723-1:0AA87"]}, {"type": "amazon", "idList": ["ALAS-2013-211", "ALAS-2013-212"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29609", "SECURITYVULNS:VULN:13189"]}, {"type": "slackware", "idList": ["SSA-2013-197-01"]}, {"type": "freebsd", "idList": ["31B145F2-D9D3-49A9-8023-11CF742205DC"]}, {"type": "ubuntu", "idList": ["USN-1905-1"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1316-1", "SUSE-SU-2013:1285-1", "SUSE-SU-2013:1317-1", "SUSE-SU-2013:1285-2", "SUSE-SU-2013:1315-1"]}], "modified": "2018-08-31T11:10:48"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": []}

{"cve": [{"lastseen": "2016-09-03T18:43:43", "bulletinFamily": "NVD", "description": "ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.", "modified": "2014-03-05T23:47:15", "published": "2013-07-13T09:10:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4113", "id": "CVE-2013-4113", "title": "CVE-2013-4113", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2016-09-26T17:22:55", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should expose the Configuration utility only on trusted networks and limit login access to trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10322: FirePass hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n", "modified": "2015-05-14T00:00:00", "published": "2014-04-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15169.html", "id": "SOL15169", "title": "SOL15169 - PHP vulnerability CVE-2013-4113", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:16:58", "bulletinFamily": "scanner", "description": "It was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP application,\nthis vulnerability could be exploited remotely.", "modified": "2018-11-10T00:00:00", "published": "2013-07-18T00:00:00", "id": "DEBIAN_DSA-2723.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68942", "title": "Debian DSA-2723-1 : php5 - heap corruption", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2723. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68942);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_bugtraq_id(61128);\n script_xref(name:\"DSA\", value:\"2723\");\n\n script_name(english:\"Debian DSA-2723-1 : php5 - heap corruption\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP application,\nthis vulnerability could be exploited remotely.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2723\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 5.3.3-7+squeeze16.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3-7+squeeze16\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.4-14+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.4-14+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:17:11", "bulletinFamily": "scanner", "description": "A buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)", "modified": "2018-04-18T00:00:00", "published": "2013-09-04T00:00:00", "id": "ALA_ALAS-2013-211.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69769", "title": "Amazon Linux AMI : php (ALAS-2013-211)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-211.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69769);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_xref(name:\"ALAS\", value:\"2013-211\");\n script_xref(name:\"RHSA\", value:\"2013:1049\");\n\n script_name(english:\"Amazon Linux AMI : php (ALAS-2013-211)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-211.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-bcmath-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-cli-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-common-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-dba-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-debuginfo-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-devel-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-embedded-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-enchant-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-fpm-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-gd-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-imap-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-intl-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ldap-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mbstring-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mcrypt-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mssql-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysql-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-mysqlnd-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-odbc-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pdo-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pgsql-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-process-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-pspell-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-recode-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-snmp-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-soap-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-tidy-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xml-5.3.27-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-xmlrpc-5.3.27-1.0.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:55", "bulletinFamily": "scanner", "description": "A buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially- crafted XML could use this flaw to crash the application\nor, possibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.", "modified": "2018-12-31T00:00:00", "published": "2013-07-14T00:00:00", "id": "SL_20130712_PHP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68868", "title": "Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68868);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-4113\");\n\n script_name(english:\"Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially- crafted XML could use this flaw to crash the application\nor, possibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1307&L=scientific-linux-errata&T=0&P=952\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd5fd8c3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"php-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-bcmath-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-cli-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-common-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-dba-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-debuginfo-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-devel-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-gd-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-imap-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ldap-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mbstring-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-mysql-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-ncurses-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-odbc-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pdo-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-pgsql-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-snmp-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-soap-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xml-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"php-xmlrpc-5.1.6-40.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"php-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-bcmath-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-cli-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-common-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-dba-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-debuginfo-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-devel-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-embedded-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-enchant-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-fpm-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-gd-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-imap-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-intl-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-ldap-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mbstring-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-mysql-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-odbc-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pdo-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pgsql-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-process-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-pspell-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-recode-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-snmp-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-soap-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-tidy-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xml-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-xmlrpc-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"php-zts-5.3.3-23.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:29", "bulletinFamily": "scanner", "description": "ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing\ndepth, which allows remote attackers to cause a denial of service\n(heap memory corruption) or possibly have unspecified other impact via\na crafted document that is processed by the xml_parse_into_struct\nfunction.", "modified": "2019-01-04T00:00:00", "published": "2015-05-15T00:00:00", "id": "F5_BIGIP_SOL15169.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83477", "title": "F5 Networks BIG-IP : PHP vulnerability (SOL15169)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL15169.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83477);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_bugtraq_id(61128);\n\n script_name(english:\"F5 Networks BIG-IP : PHP vulnerability (SOL15169)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing\ndepth, which allows remote attackers to cause a denial of service\n(heap memory corruption) or possibly have unspecified other impact via\na crafted document that is processed by the xml_parse_into_struct\nfunction.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL15169.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL15169\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.4.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.4.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.4.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.5.0-11.6.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:55", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:1050 :\n\nUpdated php53 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php53 users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.", "modified": "2018-07-18T00:00:00", "published": "2013-07-14T00:00:00", "id": "ORACLELINUX_ELSA-2013-1050.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68864", "title": "Oracle Linux 5 : php53 (ELSA-2013-1050)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1050 and \n# Oracle Linux Security Advisory ELSA-2013-1050 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68864);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_xref(name:\"RHSA\", value:\"2013:1050\");\n\n script_name(english:\"Oracle Linux 5 : php53 (ELSA-2013-1050)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1050 :\n\nUpdated php53 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php53 users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-July/003577.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"php53-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-bcmath-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-cli-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-common-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-dba-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-devel-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-gd-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-imap-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-intl-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-ldap-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mbstring-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-mysql-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-odbc-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pdo-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pgsql-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-process-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-pspell-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-snmp-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-soap-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xml-5.3.3-13.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"php53-xmlrpc-5.3.3-13.el5_9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:55", "bulletinFamily": "scanner", "description": "Updated php53 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php53 users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.", "modified": "2018-11-10T00:00:00", "published": "2013-07-14T00:00:00", "id": "REDHAT-RHSA-2013-1050.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68866", "title": "RHEL 5 : php53 (RHSA-2013:1050)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1050. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68866);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_xref(name:\"RHSA\", value:\"2013:1050\");\n\n script_name(english:\"RHEL 5 : php53 (RHSA-2013:1050)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php53 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php53 users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4113\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1050\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-bcmath-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-bcmath-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-bcmath-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-cli-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-cli-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-cli-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-common-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-common-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-common-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-dba-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-dba-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-dba-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-debuginfo-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-debuginfo-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-debuginfo-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-devel-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-devel-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-devel-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-gd-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-gd-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-gd-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-imap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-imap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-imap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-intl-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-intl-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-intl-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-ldap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-ldap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-ldap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mbstring-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mbstring-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mbstring-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-mysql-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-mysql-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-mysql-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-odbc-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-odbc-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-odbc-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pdo-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pdo-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pdo-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pgsql-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pgsql-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pgsql-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-process-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-process-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-process-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-pspell-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-pspell-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-pspell-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-snmp-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-snmp-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-snmp-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-soap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-soap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-soap-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xml-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xml-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xml-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php53-xmlrpc-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php53-xmlrpc-5.3.3-13.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php53-xmlrpc-5.3.3-13.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53 / php53-bcmath / php53-cli / php53-common / php53-dba / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:21", "bulletinFamily": "scanner", "description": "According to its banner, the version of PHP 5.3.x installed on the\nremote host is prior to 5.3.27. It is, therefore, potentially \naffected by the following vulnerabilities:\n\n - A buffer overflow error exists in the function\n '_pdo_pgsql_error'. (Bug #64949)\n\n - A heap corruption error exists in numerous functions\n in the file 'ext/xml/xml.c'. (CVE-2013-4113 / Bug #65236)\n\nNote that this plugin does not attempt to exploit these vulnerabilities,\nbut instead relies only on PHP's self-reported version number.", "modified": "2018-11-15T00:00:00", "published": "2013-07-12T00:00:00", "id": "PHP_5_3_27.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67259", "title": "PHP 5.3.x < 5.3.27 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67259);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:18\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_bugtraq_id(61128);\n\n script_name(english:\"PHP 5.3.x < 5.3.27 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is potentially\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP 5.3.x installed on the\nremote host is prior to 5.3.27. It is, therefore, potentially \naffected by the following vulnerabilities:\n\n - A buffer overflow error exists in the function\n '_pdo_pgsql_error'. (Bug #64949)\n\n - A heap corruption error exists in numerous functions\n in the file 'ext/xml/xml.c'. (CVE-2013-4113 / Bug #65236)\n\nNote that this plugin does not attempt to exploit these vulnerabilities,\nbut instead relies only on PHP's self-reported version number.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=64949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=65236\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.27\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the vendor patch or upgrade to PHP version 5.3.27 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4113\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.3)?$\") exit(1, \"The banner from the PHP install associated with port \"+port+\" - \"+version+\" - is not granular enough to make a determination.\");\nif (version !~ \"^5\\.3\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.3.x\", port);\n\nif (version =~ \"^5\\.3\\.([0-9]|1[0-9]|2[0-6])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.27\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:55", "bulletinFamily": "scanner", "description": "Updated php packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain\na backported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take\neffect.", "modified": "2018-11-10T00:00:00", "published": "2013-07-14T00:00:00", "id": "REDHAT-RHSA-2013-1049.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68865", "title": "RHEL 5 / 6 : php (RHSA-2013:1049)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1049. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68865);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_xref(name:\"RHSA\", value:\"2013:1049\");\n\n script_name(english:\"RHEL 5 / 6 : php (RHSA-2013:1049)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain\na backported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4113\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1049\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-bcmath-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-bcmath-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-bcmath-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-cli-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-cli-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-cli-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-common-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-common-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-common-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-dba-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-dba-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-dba-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-debuginfo-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-debuginfo-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-debuginfo-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-devel-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-devel-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-devel-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-gd-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-gd-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-gd-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-imap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-imap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-imap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ldap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ldap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ldap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mbstring-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mbstring-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mbstring-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-mysql-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-mysql-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-mysql-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-ncurses-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-ncurses-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-ncurses-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-odbc-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-odbc-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-odbc-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pdo-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pdo-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pdo-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-pgsql-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-pgsql-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-pgsql-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-snmp-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-snmp-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-snmp-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-soap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-soap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-soap-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xml-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xml-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xml-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"php-xmlrpc-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"php-xmlrpc-5.1.6-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.1.6-40.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-bcmath-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-bcmath-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-bcmath-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-cli-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-cli-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-cli-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-common-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-common-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-common-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-dba-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-dba-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-dba-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-debuginfo-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-debuginfo-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-debuginfo-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-devel-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-devel-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-devel-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-embedded-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-embedded-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-embedded-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-enchant-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-enchant-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-enchant-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-fpm-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-fpm-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-fpm-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-gd-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-gd-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-gd-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-imap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-imap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-imap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-intl-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-intl-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-intl-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-ldap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-ldap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-ldap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mbstring-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mbstring-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mbstring-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-mysql-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-mysql-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-mysql-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-odbc-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-odbc-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-odbc-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pdo-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pdo-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pdo-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pgsql-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pgsql-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pgsql-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-process-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-process-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-process-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-pspell-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-pspell-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-pspell-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-recode-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-recode-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-recode-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-snmp-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-snmp-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-snmp-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-soap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-soap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-soap-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-tidy-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-tidy-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-tidy-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xml-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xml-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xml-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-xmlrpc-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-xmlrpc-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"php-zts-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"php-zts-5.3.3-23.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"php-zts-5.3.3-23.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php / php-bcmath / php-cli / php-common / php-dba / php-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:58", "bulletinFamily": "scanner", "description": "XML :\n\n - Fixed bug #65236 (heap corruption in xml parser).\n CVE-2013-4113\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2013-07-19T00:00:00", "id": "FEDORA_2013-12977.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68973", "title": "Fedora 19 : php-5.5.0-2.fc19 (2013-12977)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-12977.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68973);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_bugtraq_id(61128);\n script_xref(name:\"FEDORA\", value:\"2013-12977\");\n\n script_name(english:\"Fedora 19 : php-5.5.0-2.fc19 (2013-12977)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XML :\n\n - Fixed bug #65236 (heap corruption in xml parser).\n CVE-2013-4113\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=983689\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111910.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?824fe0c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"php-5.5.0-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:55", "bulletinFamily": "scanner", "description": "Updated php packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain\na backported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take\neffect.", "modified": "2018-11-10T00:00:00", "published": "2013-07-14T00:00:00", "id": "CENTOS_RHSA-2013-1049.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68858", "title": "CentOS 5 / 6 : php (CESA-2013:1049)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1049 and \n# CentOS Errata and Security Advisory 2013:1049 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68858);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-4113\");\n script_xref(name:\"RHSA\", value:\"2013:1049\");\n\n script_name(english:\"CentOS 5 / 6 : php (CESA-2013:1049)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nPHP is an HTML-embedded scripting language commonly used with the\nApache HTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested\nXML documents. If a PHP application used the xml_parse_into_struct()\nfunction to parse untrusted XML content, an attacker able to supply\nspecially crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user\nrunning the PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain\na backported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-July/019850.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb7dd83e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-July/019852.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?486e0768\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:php-zts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-bcmath-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-cli-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-common-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-dba-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-devel-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-gd-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-imap-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ldap-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mbstring-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-mysql-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-ncurses-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-odbc-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pdo-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-pgsql-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-snmp-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-soap-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xml-5.1.6-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"php-xmlrpc-5.1.6-40.el5_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"php-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-bcmath-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-cli-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-common-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-dba-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-devel-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-embedded-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-enchant-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-fpm-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-gd-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-imap-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-intl-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-ldap-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mbstring-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-mysql-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-odbc-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pdo-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pgsql-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-process-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-pspell-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-recode-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-snmp-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-soap-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-tidy-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xml-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-xmlrpc-5.3.3-23.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"php-zts-5.3.3-23.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:56:55", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:1361412562310866493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866493", "title": "Fedora Update for php FEDORA-2013-12977", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2013-12977\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866493\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:11:30 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2013-12977\");\n\n tag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module which adds support for the PHP\nlanguage to Apache HTTP Server.\n\";\n\n tag_affected = \"php on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-12977\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111910.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.0~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:24", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-04-06T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:1361412562310881764", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881764", "title": "CentOS Update for php CESA-2013:1049 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php CESA-2013:1049 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A buffer overflow flaw was found in the way PHP parsed deeply nested XML\n documents. If a PHP application used the xml_parse_into_struct() function\n to parse untrusted XML content, an attacker able to supply\n specially-crafted XML could use this flaw to crash the application or,\n possibly, execute arbitrary code with the privileges of the user running\n the PHP interpreter. (CVE-2013-4113)\n\n All php users should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\n\ntag_affected = \"php on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881764\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 10:18:41 +0530 (Tue, 16 Jul 2013)\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for php CESA-2013:1049 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:1049\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-July/019852.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~23.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:15:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-09-06T00:00:00", "id": "OPENVAS:1361412562310871018", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871018", "title": "RedHat Update for php RHSA-2013:1049-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2013:1049-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871018\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 10:21:23 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for php RHSA-2013:1049-01\");\n\n\n script_tag(name:\"affected\", value:\"php on Red Hat Enterprise Linux (v. 5 server),\nRed Hat Enterprise Linux Server (v. 6),\nRed Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"RHSA\", value:\"2013:1049-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-July/msg00016.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:13", "bulletinFamily": "scanner", "description": "Check for the Version of php", "modified": "2018-01-18T00:00:00", "published": "2013-09-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871018", "id": "OPENVAS:871018", "title": "RedHat Update for php RHSA-2013:1049-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for php RHSA-2013:1049-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871018);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 10:21:23 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for php RHSA-2013:1049-01\");\n\n tag_insight = \"\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\";\n\n tag_affected = \"\nphp on Red Hat Enterprise Linux (v. 5 server),\nRed Hat Enterprise Linux Server (v. 6),\nRed Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name: \"RHSA\", value: \"2013:1049-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-July/msg00016.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~23.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-debuginfo\", rpm:\"php-debuginfo~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:39", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-1050", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123599", "title": "Oracle Linux Local Check: ELSA-2013-1050", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1050.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123599\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:04 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1050\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1050 - php53 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1050\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1050.html\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~13.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:23", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-1049", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123598", "title": "Oracle Linux Local Check: ELSA-2013-1049", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1049.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123598\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:03 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1049\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1049 - php security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1049\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1049.html\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ncurses\", rpm:\"php-ncurses~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.1.6~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~23.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:50", "bulletinFamily": "scanner", "description": "Check for the Version of php53", "modified": "2018-04-06T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:1361412562310881765", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881765", "title": "CentOS Update for php53 CESA-2013:1050 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for php53 CESA-2013:1050 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PHP is an HTML-embedded scripting language commonly used with the Apache\n HTTP Server.\n\n A buffer overflow flaw was found in the way PHP parsed deeply nested XML\n documents. If a PHP application used the xml_parse_into_struct() function\n to parse untrusted XML content, an attacker able to supply\n specially-crafted XML could use this flaw to crash the application or,\n possibly, execute arbitrary code with the privileges of the user running\n the PHP interpreter. (CVE-2013-4113)\n\n All php53 users should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\n\ntag_affected = \"php53 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881765\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 10:18:45 +0530 (Tue, 16 Jul 2013)\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for php53 CESA-2013:1050 centos5 \");\n\n script_xref(name: \"CESA\", value: \"2013:1050\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-July/019851.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of php53\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~13.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:33:32", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120437", "title": "Amazon Linux Local Check: ALAS-2013-212", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-212.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120437\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:21 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2013-212\");\n script_tag(name:\"insight\", value:\"A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-4113 )\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-212.html\");\n script_cve_id(\"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.17~2.40.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:34", "bulletinFamily": "scanner", "description": "It was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP\napplication, this vulnerability could be exploited remotely.", "modified": "2017-07-07T00:00:00", "published": "2013-07-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892723", "id": "OPENVAS:892723", "title": "Debian Security Advisory DSA 2723-1 (php5 - heap corruption)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2723.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2723-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"php5 on Debian Linux\";\ntag_insight = \"This package is a metapackage that, when installed, guarantees that you\nhave at least one of the three server-side versions of the PHP5 interpreter\ninstalled. Removing this package won't remove PHP5 from your system, however\nit may remove other packages that depend on this one.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze16.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.5.0+dfsg-15.\n\nWe recommend that you upgrade your php5 packages.\";\ntag_summary = \"It was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP\napplication, this vulnerability could be exploited remotely.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892723);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-4113\");\n script_name(\"Debian Security Advisory DSA 2723-1 (php5 - heap corruption)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-07-17 00:00:00 +0200 (Wed, 17 Jul 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2723.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:23", "bulletinFamily": "scanner", "description": "It was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP\napplication, this vulnerability could be exploited remotely.", "modified": "2018-04-06T00:00:00", "published": "2013-07-17T00:00:00", "id": "OPENVAS:1361412562310892723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892723", "title": "Debian Security Advisory DSA 2723-1 (php5 - heap corruption)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2723.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2723-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"php5 on Debian Linux\";\ntag_insight = \"This package is a metapackage that, when installed, guarantees that you\nhave at least one of the three server-side versions of the PHP5 interpreter\ninstalled. Removing this package won't remove PHP5 from your system, however\nit may remove other packages that depend on this one.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze16.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.5.0+dfsg-15.\n\nWe recommend that you upgrade your php5 packages.\";\ntag_summary = \"It was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP\napplication, this vulnerability could be exploited remotely.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892723\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2013-4113\");\n script_name(\"Debian Security Advisory DSA 2723-1 (php5 - heap corruption)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-07-17 00:00:00 +0200 (Wed, 17 Jul 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2723.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.3.3-7+squeeze16\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.4-14+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:28", "bulletinFamily": "unix", "description": "[5.3.3-23]\n- add security fix for CVE-2013-4113", "modified": "2013-07-12T00:00:00", "published": "2013-07-12T00:00:00", "id": "ELSA-2013-1049", "href": "http://linux.oracle.com/errata/ELSA-2013-1049.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:48:35", "bulletinFamily": "unix", "description": "[4.3.9-3.37.0.1]\n- rebuild with higher version\n[4.3.9-3.36.0.1]\n- add security fix for CVE-2013-4113 (orabz: #15820)", "modified": "2013-07-22T00:00:00", "published": "2013-07-22T00:00:00", "id": "ELSA-2013-1063", "href": "http://linux.oracle.com/errata/ELSA-2013-1063.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:48:01", "bulletinFamily": "unix", "description": "[5.3.3-13.1]\n- add security fix for CVE-2013-4113", "modified": "2013-07-12T00:00:00", "published": "2013-07-12T00:00:00", "id": "ELSA-2013-1050", "href": "http://linux.oracle.com/errata/ELSA-2013-1050.html", "title": "php53 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:44:32", "bulletinFamily": "unix", "description": "[5.3.3-21]\r\n- add security fix for CVE-2013-4248\r\n \n[5.3.3-20]\r\n- add security fix for CVE-2013-4113\r\n \n[5.3.3-19]\r\n- add upstream reproducer for error_handler (#951075)\r\n \n[5.3.3-18]\r\n- add security fixes for CVE-2006-7243\r\n \n[5.3.3-17]\r\n- reorder security patches\r\n- add security fixes for CVE-2012-2688, CVE-2012-0831,\r\n CVE-2011-1398, CVE-2013-1643\r\n \n[5.3.3-15]\r\n- fix segfault in error_handler with\r\n allow_call_time_pass_reference = Off (#951075)\r\n- fix double free when destroy_zend_class fails (#951076)\r\n \n[5.3.3-14]\r\n- fix possible buffer overflow in pdo_odbc (#869694)\r\n- rename php-5.3.3-extrglob.patch and reorder\r\n- php script hangs when it exceeds max_execution_time\r\n when inside an ODBC call (#864954)\r\n- fix zend garbage collector (#892695)\r\n- fix transposed memset arguments in libzip (#953818)\r\n- fix possible segfault in pdo_mysql (#869693)\r\n- fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859369)\r\n- fix stream support in fileinfo (#869697)\r\n- fix setDate when DateTime created from timestamp (#869691)\r\n- fix permission on source files (#869688)\r\n- add php(language) and missing provides (#837044)\r\n- fix copy doesn't report failure on partial copy (#951413)", "modified": "2013-10-02T00:00:00", "published": "2013-10-02T00:00:00", "id": "ELSA-2013-1307", "href": "http://linux.oracle.com/errata/ELSA-2013-1307.html", "title": "php53 security, bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:48", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php53 users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "modified": "2017-09-08T11:55:23", "published": "2013-07-12T04:00:00", "id": "RHSA-2013:1050", "href": "https://access.redhat.com/errata/RHSA-2013:1050", "type": "redhat", "title": "(RHSA-2013:1050) Critical: php53 security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:43:13", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "modified": "2017-09-08T11:47:56", "published": "2013-07-15T04:00:00", "id": "RHSA-2013:1063", "href": "https://access.redhat.com/errata/RHSA-2013:1063", "type": "redhat", "title": "(RHSA-2013:1063) Critical: php security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:02", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php53 users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "modified": "2017-09-08T12:06:51", "published": "2013-07-15T04:00:00", "id": "RHSA-2013:1062", "href": "https://access.redhat.com/errata/RHSA-2013:1062", "type": "redhat", "title": "(RHSA-2013:1062) Critical: php53 security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:40:57", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:30", "published": "2013-07-12T04:00:00", "id": "RHSA-2013:1049", "href": "https://access.redhat.com/errata/RHSA-2013:1049", "type": "redhat", "title": "(RHSA-2013:1049) Critical: php security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:31", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "modified": "2017-09-08T12:12:12", "published": "2013-07-15T04:00:00", "id": "RHSA-2013:1061", "href": "https://access.redhat.com/errata/RHSA-2013:1061", "type": "redhat", "title": "(RHSA-2013:1061) Critical: php security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:34", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1050\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php53 users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019851.html\n\n**Affected packages:**\nphp53\nphp53-bcmath\nphp53-cli\nphp53-common\nphp53-dba\nphp53-devel\nphp53-gd\nphp53-imap\nphp53-intl\nphp53-ldap\nphp53-mbstring\nphp53-mysql\nphp53-odbc\nphp53-pdo\nphp53-pgsql\nphp53-process\nphp53-pspell\nphp53-snmp\nphp53-soap\nphp53-xml\nphp53-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1050.html", "modified": "2013-07-12T21:36:11", "published": "2013-07-12T21:36:11", "href": "http://lists.centos.org/pipermail/centos-announce/2013-July/019851.html", "id": "CESA-2013:1050", "title": "php53 security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:05", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:1049\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML\ndocuments. If a PHP application used the xml_parse_into_struct() function\nto parse untrusted XML content, an attacker able to supply\nspecially-crafted XML could use this flaw to crash the application or,\npossibly, execute arbitrary code with the privileges of the user running\nthe PHP interpreter. (CVE-2013-4113)\n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019850.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019852.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-ncurses\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1049.html", "modified": "2013-07-12T21:37:36", "published": "2013-07-12T21:32:43", "href": "http://lists.centos.org/pipermail/centos-announce/2013-July/019850.html", "id": "CESA-2013:1049", "title": "php security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:52", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2723-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weiemr\nJuly 17, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : heap corruption\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4113\nDebian Bug : 717139\n\nIt was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP\napplication, this vulnerability could be exploited remotely.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze16.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.5.0+dfsg-15.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-07-17T20:19:51", "published": "2013-07-17T20:19:51", "id": "DEBIAN:DSA-2723-1:0AA87", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00133.html", "title": "[SECURITY] [DSA 2723-1] php5 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:37:03", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\n14.0, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/php-5.4.17-i486-1_slack14.0.txz: Upgraded.\n This update fixes an issue where XML in PHP does not properly consider\n parsing depth, which allows remote attackers to cause a denial of service\n (heap memory corruption) or possibly have unspecified other impact via a\n crafted document that is processed by the xml_parse_into_struct function.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.27-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.27-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.27-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.27-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.27-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.27-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.27-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.27-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.17-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.17-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.17-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.17-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\n085d55c6b01cc65cfbf28e3bc4859886 php-5.3.27-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\na39f1e4919283763ea7f96ab76d97e74 php-5.3.27-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n526f7e5fbc91eb9c77846a7665ff7952 php-5.3.27-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n9c9f30b0faefd03b1f4e5a5ee1cf0c98 php-5.3.27-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4410fafd158d51e135a063a23a4eb7a9 php-5.3.27-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n8b76077d090702bb4acbde69d22e30ce php-5.3.27-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\naa950c3641ae93a80c3a555176c222be php-5.3.27-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n6959e80fbc2332e73962dbcfbc6d11b0 php-5.3.27-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ne08e5d2c7a0911e65d13acbd03c10136 php-5.4.17-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n1270cada2c7bfc4af7743f489683d8c8 php-5.4.17-x86_64-1_slack14.0.txz\n\nSlackware -current package:\nfa8047a34a388ecfc2ffecae9c700a90 n/php-5.4.17-i486-1.txz\n\nSlackware x86_64 -current package:\n9439336bfb58b642306ed3c2246e3dae n/php-5.4.17-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.17-i486-1_slack14.0.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2013-07-16T16:02:38", "published": "2013-07-16T16:02:38", "id": "SSA-2013-197-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.516041", "title": "php", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:21", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. ([CVE-2013-4113 __](<https://access.redhat.com/security/cve/CVE-2013-4113>))\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-pspell-5.4.17-2.40.amzn1.i686 \n php54-snmp-5.4.17-2.40.amzn1.i686 \n php54-bcmath-5.4.17-2.40.amzn1.i686 \n php54-ldap-5.4.17-2.40.amzn1.i686 \n php54-xml-5.4.17-2.40.amzn1.i686 \n php54-mysql-5.4.17-2.40.amzn1.i686 \n php54-xmlrpc-5.4.17-2.40.amzn1.i686 \n php54-imap-5.4.17-2.40.amzn1.i686 \n php54-soap-5.4.17-2.40.amzn1.i686 \n php54-mcrypt-5.4.17-2.40.amzn1.i686 \n php54-tidy-5.4.17-2.40.amzn1.i686 \n php54-cli-5.4.17-2.40.amzn1.i686 \n php54-dba-5.4.17-2.40.amzn1.i686 \n php54-mysqlnd-5.4.17-2.40.amzn1.i686 \n php54-devel-5.4.17-2.40.amzn1.i686 \n php54-pdo-5.4.17-2.40.amzn1.i686 \n php54-process-5.4.17-2.40.amzn1.i686 \n php54-5.4.17-2.40.amzn1.i686 \n php54-gd-5.4.17-2.40.amzn1.i686 \n php54-embedded-5.4.17-2.40.amzn1.i686 \n php54-mbstring-5.4.17-2.40.amzn1.i686 \n php54-pgsql-5.4.17-2.40.amzn1.i686 \n php54-mssql-5.4.17-2.40.amzn1.i686 \n php54-enchant-5.4.17-2.40.amzn1.i686 \n php54-fpm-5.4.17-2.40.amzn1.i686 \n php54-intl-5.4.17-2.40.amzn1.i686 \n php54-debuginfo-5.4.17-2.40.amzn1.i686 \n php54-recode-5.4.17-2.40.amzn1.i686 \n php54-odbc-5.4.17-2.40.amzn1.i686 \n php54-common-5.4.17-2.40.amzn1.i686 \n \n src: \n php54-5.4.17-2.40.amzn1.src \n \n x86_64: \n php54-bcmath-5.4.17-2.40.amzn1.x86_64 \n php54-pspell-5.4.17-2.40.amzn1.x86_64 \n php54-recode-5.4.17-2.40.amzn1.x86_64 \n php54-common-5.4.17-2.40.amzn1.x86_64 \n php54-fpm-5.4.17-2.40.amzn1.x86_64 \n php54-odbc-5.4.17-2.40.amzn1.x86_64 \n php54-xmlrpc-5.4.17-2.40.amzn1.x86_64 \n php54-dba-5.4.17-2.40.amzn1.x86_64 \n php54-xml-5.4.17-2.40.amzn1.x86_64 \n php54-mbstring-5.4.17-2.40.amzn1.x86_64 \n php54-debuginfo-5.4.17-2.40.amzn1.x86_64 \n php54-tidy-5.4.17-2.40.amzn1.x86_64 \n php54-devel-5.4.17-2.40.amzn1.x86_64 \n php54-5.4.17-2.40.amzn1.x86_64 \n php54-soap-5.4.17-2.40.amzn1.x86_64 \n php54-pgsql-5.4.17-2.40.amzn1.x86_64 \n php54-pdo-5.4.17-2.40.amzn1.x86_64 \n php54-snmp-5.4.17-2.40.amzn1.x86_64 \n php54-mysqlnd-5.4.17-2.40.amzn1.x86_64 \n php54-embedded-5.4.17-2.40.amzn1.x86_64 \n php54-mysql-5.4.17-2.40.amzn1.x86_64 \n php54-gd-5.4.17-2.40.amzn1.x86_64 \n php54-process-5.4.17-2.40.amzn1.x86_64 \n php54-imap-5.4.17-2.40.amzn1.x86_64 \n php54-cli-5.4.17-2.40.amzn1.x86_64 \n php54-enchant-5.4.17-2.40.amzn1.x86_64 \n php54-mssql-5.4.17-2.40.amzn1.x86_64 \n php54-intl-5.4.17-2.40.amzn1.x86_64 \n php54-mcrypt-5.4.17-2.40.amzn1.x86_64 \n php54-ldap-5.4.17-2.40.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T23:18:00", "published": "2014-09-15T23:18:00", "id": "ALAS-2013-212", "href": "https://alas.aws.amazon.com/ALAS-2013-212.html", "title": "Critical: php54", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:22", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. ([CVE-2013-4113 __](<https://access.redhat.com/security/cve/CVE-2013-4113>))\n\n \n**Affected Packages:** \n\n\nphp\n\n \n**Issue Correction:** \nRun _yum update php_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php-snmp-5.3.27-1.0.amzn1.i686 \n php-mysql-5.3.27-1.0.amzn1.i686 \n php-mssql-5.3.27-1.0.amzn1.i686 \n php-xml-5.3.27-1.0.amzn1.i686 \n php-intl-5.3.27-1.0.amzn1.i686 \n php-mysqlnd-5.3.27-1.0.amzn1.i686 \n php-pdo-5.3.27-1.0.amzn1.i686 \n php-odbc-5.3.27-1.0.amzn1.i686 \n php-embedded-5.3.27-1.0.amzn1.i686 \n php-dba-5.3.27-1.0.amzn1.i686 \n php-xmlrpc-5.3.27-1.0.amzn1.i686 \n php-mbstring-5.3.27-1.0.amzn1.i686 \n php-debuginfo-5.3.27-1.0.amzn1.i686 \n php-ldap-5.3.27-1.0.amzn1.i686 \n php-5.3.27-1.0.amzn1.i686 \n php-enchant-5.3.27-1.0.amzn1.i686 \n php-cli-5.3.27-1.0.amzn1.i686 \n php-pgsql-5.3.27-1.0.amzn1.i686 \n php-common-5.3.27-1.0.amzn1.i686 \n php-bcmath-5.3.27-1.0.amzn1.i686 \n php-soap-5.3.27-1.0.amzn1.i686 \n php-imap-5.3.27-1.0.amzn1.i686 \n php-devel-5.3.27-1.0.amzn1.i686 \n php-gd-5.3.27-1.0.amzn1.i686 \n php-process-5.3.27-1.0.amzn1.i686 \n php-recode-5.3.27-1.0.amzn1.i686 \n php-mcrypt-5.3.27-1.0.amzn1.i686 \n php-fpm-5.3.27-1.0.amzn1.i686 \n php-tidy-5.3.27-1.0.amzn1.i686 \n php-pspell-5.3.27-1.0.amzn1.i686 \n \n src: \n php-5.3.27-1.0.amzn1.src \n \n x86_64: \n php-fpm-5.3.27-1.0.amzn1.x86_64 \n php-intl-5.3.27-1.0.amzn1.x86_64 \n php-common-5.3.27-1.0.amzn1.x86_64 \n php-snmp-5.3.27-1.0.amzn1.x86_64 \n php-mbstring-5.3.27-1.0.amzn1.x86_64 \n php-xml-5.3.27-1.0.amzn1.x86_64 \n php-pdo-5.3.27-1.0.amzn1.x86_64 \n php-process-5.3.27-1.0.amzn1.x86_64 \n php-dba-5.3.27-1.0.amzn1.x86_64 \n php-mysqlnd-5.3.27-1.0.amzn1.x86_64 \n php-gd-5.3.27-1.0.amzn1.x86_64 \n php-mssql-5.3.27-1.0.amzn1.x86_64 \n php-recode-5.3.27-1.0.amzn1.x86_64 \n php-mysql-5.3.27-1.0.amzn1.x86_64 \n php-bcmath-5.3.27-1.0.amzn1.x86_64 \n php-embedded-5.3.27-1.0.amzn1.x86_64 \n php-devel-5.3.27-1.0.amzn1.x86_64 \n php-imap-5.3.27-1.0.amzn1.x86_64 \n php-xmlrpc-5.3.27-1.0.amzn1.x86_64 \n php-pgsql-5.3.27-1.0.amzn1.x86_64 \n php-tidy-5.3.27-1.0.amzn1.x86_64 \n php-cli-5.3.27-1.0.amzn1.x86_64 \n php-odbc-5.3.27-1.0.amzn1.x86_64 \n php-debuginfo-5.3.27-1.0.amzn1.x86_64 \n php-soap-5.3.27-1.0.amzn1.x86_64 \n php-ldap-5.3.27-1.0.amzn1.x86_64 \n php-mcrypt-5.3.27-1.0.amzn1.x86_64 \n php-5.3.27-1.0.amzn1.x86_64 \n php-pspell-5.3.27-1.0.amzn1.x86_64 \n php-enchant-5.3.27-1.0.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T23:17:00", "published": "2014-09-15T23:17:00", "id": "ALAS-2013-211", "href": "https://alas.aws.amazon.com/ALAS-2013-211.html", "title": "Critical: php", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\nHey guys,\r\nRelated to this I?ve found a proof of concept test script:\r\n\r\nphp -r &#39;xml_parse_into_struct&#40;xml_\r\nparser_create_ns&#40;&#41;, str_repeat&#40;&quot;&lt;blah&gt;&quot;, 1000&#41;, $b&#41;;&#39;\r\n\r\nGabe\r\ntwitter: @gmaggiotti\r\n\r\n\r\n\r\nOn Mon, Jul 15, 2013 at 3:41 AM, &lt;security@mandriva.com&gt; wrote:\r\n&gt;\r\n&gt; -----BEGIN PGP SIGNED MESSAGE-----\r\n&gt; Hash: SHA1\r\n&gt;\r\n&gt; _______________________________________________________________________\r\n&gt;\r\n&gt; Mandriva Linux Security Advisory MDVSA-2013:195\r\n&gt; http://www.mandriva.com/en/support/security/\r\n&gt; _______________________________________________________________________\r\n&gt;\r\n&gt; Package : php\r\n&gt; Date : July 12, 2013\r\n&gt; Affected: Business Server 1.0, Enterprise Server 5.0\r\n&gt; _______________________________________________________________________\r\n&gt;\r\n&gt; Problem Description:\r\n&gt;\r\n&gt; A vulnerability has been discovered and corrected in php:\r\n&gt;\r\n&gt; * Fixed PHP bug #65236 &#40;heap corruption in xml parser&#41; &#40;CVE-2013-4113&#41;.\r\n&gt;\r\n&gt; The updated packages have been upgraded to the 5.3.27 version which\r\n&gt; is not vulnerable to this issue.\r\n&gt;\r\n&gt; The php-timezonedb package has been updated to the 2013.4 version.\r\n&gt;\r\n&gt; Additionally, some packages which requires so has been rebuilt for\r\n&gt; php-5.3.27.\r\n&gt; _______________________________________________________________________\r\n&gt;\r\n&gt; References:\r\n&gt;\r\n&gt; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113\r\n&gt; http://www.php.net/ChangeLog-5.php#5.3.27\r\n&gt; _______________________________________________________________________\r\n&gt;\r\n&gt; Updated Packages:\r\n&gt;\r\n&gt; Mandriva Enterprise Server 5:\r\n&gt; b600e684742020a5f0cc6cab7712a5a2 mes5/i586/apache-mod_php-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 8c6d7ecbcd19741d6f359ace12986dc0 mes5/i586/libphp5_common5-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; caccd5c4e63ec27c2f87a8dd6483b771 mes5/i586/php-apc-3.1.13-0.5mdvmes5.2.i586.rpm\r\n&gt; 1ce4a19b3f4156c1bc6ae6486cb409ed mes5/i586/php-apc-admin-3.1.13-0.5mdvmes5.2.i586.rpm\r\n&gt; d0ee0ab323ba74bb4838bfd773fa4170 mes5/i586/php-bcmath-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; ba2b58c17989f7e14baec639d1a5f5e0 mes5/i586/php-bz2-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 14429e2eefef79177a9965d436843644 mes5/i586/php-calendar-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; d983c7e358d07b8d278f6482144b84dc mes5/i586/php-cgi-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; d0f9b4981112bfa8429b8d512953ec36 mes5/i586/php-cli-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 067421d3601521fc88e0e5ea81905749 mes5/i586/php-ctype-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; fbc030238f172de2816079683fa2d403 mes5/i586/php-curl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; a40b2b3198f2c3a7533fc293f6b3c1c5 mes5/i586/php-dba-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 1703ce9efd667a253e8dc5bcac40e479 mes5/i586/php-devel-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 328111ececd3f9c80c2b0fe1717bdb50 mes5/i586/php-doc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 53835cfb06f14655b2dbbd8b72907b20 mes5/i586/php-dom-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 62aafcf0c1bcdf58567b341365957039 mes5/i586/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.i586.rpm\r\n&gt; c61d2f2752af5056852b067c8b0b6ebd mes5/i586/php-eaccelerator-admin-0.9.6.1-0.11mdvmes5.2.i586.rpm\r\n&gt; ef4af2387b2520b65087d884d0c12374 mes5/i586/php-enchant-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 4b9f60ba95d7ab43207ad9119dfa50a4 mes5/i586/php-exif-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 9102ecabb9ea1f45f63b373cbffff339 mes5/i586/php-fileinfo-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; eb8f5b55a16a394c34fe77f6e401a518 mes5/i586/php-filter-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 52531ad0e8663500c7d1c220dabae52e mes5/i586/php-fpm-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; b6e720e32592416025d40a0d17232467 mes5/i586/php-ftp-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 6fd1398953fd88149f95aca44641749f mes5/i586/php-gd-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 47ff6b25c0c4867fb1c1493d0951150e mes5/i586/php-gd-bundled-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 38cce97a1a62fbd14b189f2d2aaace42 mes5/i586/php-gettext-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 7fa398db7247a32cff766fb4f9aca846 mes5/i586/php-gmp-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; abab206fc2c06ced553af47fe2149953 mes5/i586/php-hash-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; e9bd5f23725646e59493fcb883ba5402 mes5/i586/php-iconv-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; ccbe8aa26af20a2ec8da04fc7ea271cb mes5/i586/php-imap-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 0c06723e63d034f864cc5163292a1ae0 mes5/i586/php-ini-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 6444a4e3da67e4a3402b12e50da96dc4 mes5/i586/php-intl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; feefc0cd26fe0600c438a83963ebe419 mes5/i586/php-json-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 5e5f91e47deccf2c3ca41986c44f92a6 mes5/i586/php-ldap-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 59e192ad5a76e9e10252fed81cb24b2d mes5/i586/php-mbstring-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; c1af9e1ae6f4abda2ef0669eb983c6af mes5/i586/php-mcrypt-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 71e8b3bc20551353f4a5e7b74761e4ba mes5/i586/php-mssql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 63ec2927731362b746f6f77862df65e3 mes5/i586/php-mysql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 759104a8ca48a4038a7668463fdd41df mes5/i586/php-mysqli-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 3e5db916e46171670a9ebef7ce3816fc mes5/i586/php-mysqlnd-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; b2f820e7aa3c18207a28af06f9004ed2 mes5/i586/php-odbc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 960ff9eb39fe8bc5161b8f2e4fa1ce84 mes5/i586/php-openssl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 103fc11df349005ece33662e9e27acf7 mes5/i586/php-pcntl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 6f5bacb6664fe0e738090b6f2996a2fc mes5/i586/php-pdo-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; e732b3aa9d6854c6849fee5516d938c7 mes5/i586/php-pdo_dblib-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; fc3b4deb2c2078273ef859428d1503a1 mes5/i586/php-pdo_mysql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 28e1e726970c77f4e66cb5b45b09541d mes5/i586/php-pdo_odbc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 32ec3bda3969144317440a1a6b77e030 mes5/i586/php-pdo_pgsql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; df32f13a121ec66e19572b9a0fc7a480 mes5/i586/php-pdo_sqlite-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; d3631c517f25c700c785aa8e2a7772d4 mes5/i586/php-pgsql-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; c554116a669ad3f49ebc1a65f32367d1 mes5/i586/php-phar-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 1f104f05e6d942c842b367994d46a787 mes5/i586/php-posix-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 7f0a6127b179d2454eaeb5bb21d97200 mes5/i586/php-pspell-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; e9300f16888d9e25056ad47777cf381e mes5/i586/php-readline-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 3f36ddacfd7d659d2aa33c0651f5cd21 mes5/i586/php-recode-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; b7da38add3614d2f9ab4f875ef0cc92e mes5/i586/php-session-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; da8502c5aa2059e9c67595e5c2cfb027 mes5/i586/php-shmop-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 48ee235ff289babd4237b4c8cbbed0bf mes5/i586/php-snmp-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 0e70969ff3822af88143605096f81f16 mes5/i586/php-soap-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 5bedf2e45a5aebc47e03fd0050772a44 mes5/i586/php-sockets-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 04ab937a9b54dac8ee40414a2083a557 mes5/i586/php-sqlite3-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 1ba0398ca0de676080d6c1916705af87 mes5/i586/php-sqlite-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 2b0d16304ab6e3d60b5d7362a41228f6 mes5/i586/php-sybase_ct-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 9d0b16128381f8e0762ca4a260b16a0e mes5/i586/php-sysvmsg-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; b5df67f50fc9fc74070aca9543602852 mes5/i586/php-sysvsem-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; ac08e143a7a75e1c737e2a3b57864ee1 mes5/i586/php-sysvshm-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; eb816dafc55f1b9c4d70879636657212 mes5/i586/php-tidy-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; bff6ecb2de2ac2aa60ba3329251f7280 mes5/i586/php-timezonedb-2013.4-0.1mdvmes5.2.i586.rpm\r\n&gt; 14844090039d558385d5cd9dfdf36589 mes5/i586/php-tokenizer-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 87024bf11e2e4473d42f1e274046f816 mes5/i586/php-wddx-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 7e8754ee3e3906813887ba1f84a2a98b mes5/i586/php-xml-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; ea2fdf9cb085077224b5319d0887e558 mes5/i586/php-xmlreader-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 768d97bf64f3e2848887ba2c1fec3251 mes5/i586/php-xmlrpc-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 3225c44d75e38d711eec50561a7a7869 mes5/i586/php-xmlwriter-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; 144efbd1b0ef25659d4a69905f519383 mes5/i586/php-xsl-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; b93630598591194aa354f2aa13fe46d7 mes5/i586/php-zip-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; bf87de194976fad9dc10c3e7f1329185 mes5/i586/php-zlib-5.3.27-0.1mdvmes5.2.i586.rpm\r\n&gt; d08fda590c90745c3ca71b69201c518a mes5/SRPMS/apache-mod_php-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; ae4f59b9c68278aab05d6feb4cf415bd mes5/SRPMS/php-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; b9dc4f62d7dd3fdc8015691e67c105cc mes5/SRPMS/php-apc-3.1.13-0.5mdvmes5.2.src.rpm\r\n&gt; daed87613430472165c67aba22983146 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.src.rpm\r\n&gt; f9ebbe9594224c4b0f2ce61fd51a2339 mes5/SRPMS/php-gd-bundled-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; 0697671664727040ae04fec03a8113d5 mes5/SRPMS/php-ini-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; a16687b0b02d5243b067f2909a855602 mes5/SRPMS/php-timezonedb-2013.4-0.1mdvmes5.2.src.rpm\r\n&gt;\r\n&gt; Mandriva Enterprise Server 5/X86_64:\r\n&gt; 697652ce5918260b7378df8b8482bff2 mes5/x86_64/apache-mod_php-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 3fc3606f447194ef2ba1b4259e36d0f6 mes5/x86_64/lib64php5_common5-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 48056fef628214a55f00429acf6cf57e mes5/x86_64/php-apc-3.1.13-0.5mdvmes5.2.x86_64.rpm\r\n&gt; b6aee3e2d91134e972b9241e2e3ea64e mes5/x86_64/php-apc-admin-3.1.13-0.5mdvmes5.2.x86_64.rpm\r\n&gt; 666544a4538ec1b982666f50811a0136 mes5/x86_64/php-bcmath-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 93599d706c12066a27a54c8608af2387 mes5/x86_64/php-bz2-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; e88fe0a8ca5a42802659ef7f569f760f mes5/x86_64/php-calendar-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 7dbcd3f76a098c4de27d8284e18ecdbc mes5/x86_64/php-cgi-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 9c71abf547143b6b5e2704bbb16f73d0 mes5/x86_64/php-cli-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 91c4e393df688f98e1de7e5b1bfe560d mes5/x86_64/php-ctype-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; cb9e867e7fec83bac5486ea678bc7c16 mes5/x86_64/php-curl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 3d66605bfc5689c0e83012b96a91fc14 mes5/x86_64/php-dba-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; c06f8bfb3dfa5d1ce9b675387dc11e05 mes5/x86_64/php-devel-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 9fbdc6dfd9dcb116844ef63f3053d4a9 mes5/x86_64/php-doc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 5470fea5b29256f6c829b0b01c9ac420 mes5/x86_64/php-dom-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 1670037fc2340c45f311cbb891ff4dfc mes5/x86_64/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.x86_64.rpm\r\n&gt; ab571707cc7c9e26f565aeb7da7745d5 mes5/x86_64/php-eaccelerator-admin-0.9.6.1-0.11mdvmes5.2.x86_64.rpm\r\n&gt; 0f59ff9136986fc414819c21cedb7007 mes5/x86_64/php-enchant-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; ce7b1d192b60a4032ff82f2e2e93ef4c mes5/x86_64/php-exif-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; a40130ea8d6a36734413bfa6e838872d mes5/x86_64/php-fileinfo-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; f65574d3e8aa542fe7c9ff3e4ac569b0 mes5/x86_64/php-filter-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 995999b94dab7b18a1bef6ea5bef9f39 mes5/x86_64/php-fpm-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; d30963d3e6134bedcfcac76fa7343185 mes5/x86_64/php-ftp-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 509916771185806789eb025d468a7d71 mes5/x86_64/php-gd-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 415b37c623470f7c4366db274576e75c mes5/x86_64/php-gd-bundled-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; cc781b167f3d0906c3cda108cc0407ae mes5/x86_64/php-gettext-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; f9df366797b10c1d6fdf1c3af817c30e mes5/x86_64/php-gmp-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 1b0b3563a53baa863cf6b5a5d6e13d1c mes5/x86_64/php-hash-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; c71eb40d1146909d58e5f0b2e33e4d8e mes5/x86_64/php-iconv-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 006d1f73612feed62212fead46eee8fc mes5/x86_64/php-imap-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 8c184369d48e5bcf41a8dc31bafc4418 mes5/x86_64/php-ini-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 5596056a590e379b5f2f4b51cb10ce6d mes5/x86_64/php-intl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; c2aafdaff2fd18eee13a74e804e09bae mes5/x86_64/php-json-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; fae3288db05a5ce483ca020b7e7d7671 mes5/x86_64/php-ldap-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 69229acb275f26ec2da065bd9b4089df mes5/x86_64/php-mbstring-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; b22d494e7bab4b24ef4be1c9d5136703 mes5/x86_64/php-mcrypt-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 535a16d222c5ecdb0990557b33ff8380 mes5/x86_64/php-mssql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 4cce578bc708ea4d8e5e7cf5bfdca0c9 mes5/x86_64/php-mysql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; ec662ea6a9419f1390ddfbeec6d1a37b mes5/x86_64/php-mysqli-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 784be9eb1c06b9766385b047b58adb15 mes5/x86_64/php-mysqlnd-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; ce372affbb05b36a23ac17fd24f1ac42 mes5/x86_64/php-odbc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 87fffde5f2c743377a1dec3952b79ce1 mes5/x86_64/php-openssl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 8a14e360ebf63bbf490f11938a6523dc mes5/x86_64/php-pcntl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; b8941452373a37c68dd777484807b4bf mes5/x86_64/php-pdo-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; d132bd6f57b59f9849f5bfd2ddb93a3e mes5/x86_64/php-pdo_dblib-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 1401b237e7bec4b28a7f2153299f1cb3 mes5/x86_64/php-pdo_mysql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; f68e51f8eeac99522239069669424aee mes5/x86_64/php-pdo_odbc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 8f765068b9674ca30282f439adf8b1d2 mes5/x86_64/php-pdo_pgsql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 8af4084f8870f5deff2e345a0f8c7e96 mes5/x86_64/php-pdo_sqlite-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; bcfab232435d988262d1a1bb8cc89a91 mes5/x86_64/php-pgsql-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; adc36613e02265647003e3044283d4fe mes5/x86_64/php-phar-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; e1ee3680ab8b95c5fd646a7edfdf97bd mes5/x86_64/php-posix-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 47079d61843785c7c973e3b2e4f4725a mes5/x86_64/php-pspell-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 564b47e3616fe90b94e9afb630ec2fe5 mes5/x86_64/php-readline-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 477d940a270f86f649ab34c960661fc9 mes5/x86_64/php-recode-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 9677b11bcb656af5a185e1cd75d20521 mes5/x86_64/php-session-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 6b0d45503490fd814060a5b55ea69038 mes5/x86_64/php-shmop-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; a2bd55690c91daa015ea3ce9d45bdcd4 mes5/x86_64/php-snmp-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 7bcfec32d1d9471654808afa80c0c767 mes5/x86_64/php-soap-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 8e24f934ef6d0266b5aa92b63040e66f mes5/x86_64/php-sockets-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 94e4d2fae52970ab956df1924372854f mes5/x86_64/php-sqlite3-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 5ea986f7f7ba4a1f9f32dfc0ce4f38ca mes5/x86_64/php-sqlite-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; fbb32aa8ae6c7c673fd0c05b6e4a6a9b mes5/x86_64/php-sybase_ct-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 41cb6d9f75472ed60058900de55f1e78 mes5/x86_64/php-sysvmsg-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; c61615d1c9581dd4cd014def61f3b58f mes5/x86_64/php-sysvsem-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 4ad4cddd865dc5c78651ad8dc454c5dd mes5/x86_64/php-sysvshm-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 55740724562bc1f2b50130a39909438e mes5/x86_64/php-tidy-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 52593e8b36091e0d2860580b279d353a mes5/x86_64/php-timezonedb-2013.4-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 89a49d756d8291e973872e686e8978bb mes5/x86_64/php-tokenizer-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; e14dc6aede31c58cbf30aa2f8f478ee7 mes5/x86_64/php-wddx-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; d2a993124b89a1c5a1d973d68c1c51aa mes5/x86_64/php-xml-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 5bb9ceebe3b9f0ddaeced6965f0d2dd1 mes5/x86_64/php-xmlreader-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 21a0a586c9fe202b30f24cc493ff011f mes5/x86_64/php-xmlrpc-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; e57dd6a325b3392c18aa80cf6e582e0f mes5/x86_64/php-xmlwriter-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 18f37d16bc5323615b76a3251c9b488b mes5/x86_64/php-xsl-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; d023e553394edfc258a73b867bd63e7f mes5/x86_64/php-zip-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; 2b1053f0b88c99de4d8dbb62d144ab57 mes5/x86_64/php-zlib-5.3.27-0.1mdvmes5.2.x86_64.rpm\r\n&gt; d08fda590c90745c3ca71b69201c518a mes5/SRPMS/apache-mod_php-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; ae4f59b9c68278aab05d6feb4cf415bd mes5/SRPMS/php-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; b9dc4f62d7dd3fdc8015691e67c105cc mes5/SRPMS/php-apc-3.1.13-0.5mdvmes5.2.src.rpm\r\n&gt; daed87613430472165c67aba22983146 mes5/SRPMS/php-eaccelerator-0.9.6.1-0.11mdvmes5.2.src.rpm\r\n&gt; f9ebbe9594224c4b0f2ce61fd51a2339 mes5/SRPMS/php-gd-bundled-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; 0697671664727040ae04fec03a8113d5 mes5/SRPMS/php-ini-5.3.27-0.1mdvmes5.2.src.rpm\r\n&gt; a16687b0b02d5243b067f2909a855602 mes5/SRPMS/php-timezonedb-2013.4-0.1mdvmes5.2.src.rpm\r\n&gt;\r\n&gt; Mandriva Business Server 1/X86_64:\r\n&gt; 75bded5ac83308a827431394dd64c8d0 mbs1/x86_64/apache-mod_php-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; c41c25303d1b93e21a156f4e47b28873 mbs1/x86_64/lib64php5_common5-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; c16b2ea8fd23f41f3a77988be5db4cfa mbs1/x86_64/php-apc-3.1.13-3.3.mbs1.x86_64.rpm\r\n&gt; 1cf130896be8a195da27906e621a7e1a mbs1/x86_64/php-apc-admin-3.1.13-3.3.mbs1.x86_64.rpm\r\n&gt; 0c1c0fd2bab96cff73cc31c20dddb566 mbs1/x86_64/php-bcmath-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 9f81a37218a0d51d4359935dc00d075b mbs1/x86_64/php-bz2-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 5aca27a4f143088ac65c0aa708bb12d7 mbs1/x86_64/php-calendar-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 982aeda31a4791b28cd447e0ed38f3f7 mbs1/x86_64/php-cgi-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; a6a13ad22525a91c1f31e320179b970a mbs1/x86_64/php-cli-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; b315cf43b025854920ad039bf8827b17 mbs1/x86_64/php-ctype-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 32431e64013954c0d382823e2d271625 mbs1/x86_64/php-curl-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; f9286e7daded5ed106846cdbfecfde18 mbs1/x86_64/php-dba-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 1bfb7407b5ec95ac1e1db862a09d5d7b mbs1/x86_64/php-devel-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; e2f6e68ebdcdb69feb726f832e32fb50 mbs1/x86_64/php-dom-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; af5180f668d903526a721d16d12776d2 mbs1/x86_64/php-eaccelerator-0.9.6.1-12.3.mbs1.x86_64.rpm\r\n&gt; 041c7ec1161cab5a778f02774b8c8c1c mbs1/x86_64/php-eaccelerator-admin-0.9.6.1-12.3.mbs1.x86_64.rpm\r\n&gt; 12ee61fa0738858356407582c6e545d2 mbs1/x86_64/php-enchant-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 82eb8960a60882e14dd41ff4ecd2aa01 mbs1/x86_64/php-exif-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 8953cbdb4bf0ba9080640dc9f10fc97a mbs1/x86_64/php-fileinfo-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; fb44ad3198977723a8500620ff5c1bcd mbs1/x86_64/php-filter-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; a14d23167018924494bc69b28bf1f709 mbs1/x86_64/php-fpm-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 88aa5854c0b5fd14d3e75e8efc1b4b88 mbs1/x86_64/php-ftp-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 6ffe367315d4485a7890c107ca3047d4 mbs1/x86_64/php-gd-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; dc6ae8bd0ceda7e5dce0b4f1ba74b006 mbs1/x86_64/php-gd-bundled-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; af84517e4d0f4538d92fd92cad557098 mbs1/x86_64/php-gettext-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; d505df5be8a4ef178ae2a2d5af894be0 mbs1/x86_64/php-gmp-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 2710fb6798654bf0ad310b11b96a3a95 mbs1/x86_64/php-hash-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 4ab8bac931dbfcf2f392e1ade55ef247 mbs1/x86_64/php-iconv-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; eee7240c90d86f78ee2cb92e744665fa mbs1/x86_64/php-imap-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; f7ecce834029092845da3bfd2ba3fa9e mbs1/x86_64/php-ini-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; a3d35dc7aa6505c2e5bba2f9050a8c9f mbs1/x86_64/php-intl-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; ae0e54ac3ced67a3f9bb7de5015da501 mbs1/x86_64/php-json-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; b711e2526bb9fa1f22249c733a4b4345 mbs1/x86_64/php-ldap-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; ea652f11230b70b28cd1e911bc5d941a mbs1/x86_64/php-mbstring-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; c3cc881a9e18a3bb16b8b8bf6f6f4e01 mbs1/x86_64/php-mcrypt-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 63be023f5badcebbec008461fd4446ae mbs1/x86_64/php-mssql-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 6983e5e43ed797e9ec9d89935b91b90a mbs1/x86_64/php-mysql-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; d0eafd4b4bcc8a43dbbcd45ff6c6ca27 mbs1/x86_64/php-mysqli-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 08267b8cdfd618227978f97f1a0edb66 mbs1/x86_64/php-mysqlnd-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; abc826a5af1d8fa7413a7300d64e8f59 mbs1/x86_64/php-odbc-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 9795c0b61e54b67f4b4c12cabaed76df mbs1/x86_64/php-openssl-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 60952041bf3e49017b7ea6ab582bfc32 mbs1/x86_64/php-pcntl-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 7dd080abe4e3c3d2657ad28fb8fa4c3c mbs1/x86_64/php-pdo-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; e6f6be01cee9715b2552e3516ee459bd mbs1/x86_64/php-pdo_dblib-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 49dbe30755542f9a1cfea4d8fa325677 mbs1/x86_64/php-pdo_mysql-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 92442e9680adf9cf2efb6834e8cdc5fb mbs1/x86_64/php-pdo_odbc-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; bbe73415c9b4ac708e677e1f3249f89b mbs1/x86_64/php-pdo_pgsql-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 6f34525b1d845465b9bd06a75a842d29 mbs1/x86_64/php-pdo_sqlite-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; e58eba345e8f6b66102ce87d70849ca8 mbs1/x86_64/php-pgsql-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; e6ef2a6112dd7b3ea83c7c5c9ef673d1 mbs1/x86_64/php-phar-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 736ded804ae4848de712549369745fd3 mbs1/x86_64/php-posix-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; baeae8e69db5e024a013679d5b041139 mbs1/x86_64/php-readline-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 8dcee05da13e9061bcf2b0547a822e2a mbs1/x86_64/php-recode-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; dfc2e837d0a3d4e5e4ea906e579b2c1c mbs1/x86_64/php-session-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 674b49477fcbcd8d351d535e164c0e99 mbs1/x86_64/php-shmop-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; c7d5e9a614411c46a20958606f0473b0 mbs1/x86_64/php-snmp-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 95e1afd7a594cf02957a233d41dd1401 mbs1/x86_64/php-soap-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; d10f6561da044328cb4f1da28da4203b mbs1/x86_64/php-sockets-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; f2d3e41ec14793317286825771f761fb mbs1/x86_64/php-sqlite3-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; d474906044d4e273da43199222fe32b5 mbs1/x86_64/php-sqlite-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; e02c225c25fcb10087e25979ee4aa8a9 mbs1/x86_64/php-sybase_ct-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 88555ab9bcabe068b9e5a5cd01a63fb2 mbs1/x86_64/php-sysvmsg-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; db744fd1790ce682f1915164bb6c46d1 mbs1/x86_64/php-sysvsem-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 9df56cd887104cf39c494a85c62fe624 mbs1/x86_64/php-sysvshm-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 959b348fa48ef1bd24349f6d8474b07c mbs1/x86_64/php-tidy-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 905448075a8b0ddb1edaeb76a515adbd mbs1/x86_64/php-timezonedb-2013.4-1.mbs1.x86_64.rpm\r\n&gt; e5a471f627585d375fc7c45bb877abbf mbs1/x86_64/php-tokenizer-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 9055271ad0b2afadcea3413ee0846094 mbs1/x86_64/php-wddx-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 241644927b57c8b20a892f9a7dd5ae5d mbs1/x86_64/php-xml-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; c2e9a295fb3f64fab8ceebad762d6edb mbs1/x86_64/php-xmlreader-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 3af470f0a84da1e7c73bd00aad7e8fde mbs1/x86_64/php-xmlrpc-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; c13ebdfd28e43bec659ec2bf679b9052 mbs1/x86_64/php-xmlwriter-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; fe6f8ac37c04f89610f017dc782f6010 mbs1/x86_64/php-xsl-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 0302a68701a09d9735428cd8486e4d8f mbs1/x86_64/php-zip-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; 0ab9dd41b6501fb391b7d91c7e7b1510 mbs1/x86_64/php-zlib-5.3.27-1.mbs1.x86_64.rpm\r\n&gt; b46f013c57009fa568a305be1f254a3d mbs1/SRPMS/php-5.3.27-1.mbs1.src.rpm\r\n&gt; ed7390405d9a166f9e36644e90a3c1b0 mbs1/SRPMS/php-apc-3.1.13-3.3.mbs1.src.rpm\r\n&gt; e3bfe4bd08682f6bb4b93944bc8fabac mbs1/SRPMS/php-eaccelerator-0.9.6.1-12.3.mbs1.src.rpm\r\n&gt; 76f25df1bea03d76a89f29606f495fec mbs1/SRPMS/php-gd-bundled-5.3.27-1.mbs1.src.rpm\r\n&gt; b6a9e14cace26e625c90019700602ae5 mbs1/SRPMS/php-timezonedb-2013.4-1.mbs1.src.rpm\r\n&gt; _______________________________________________________________________\r\n&gt;\r\n&gt; To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n&gt; of md5 checksums and GPG signatures is performed automatically for you.\r\n&gt;\r\n&gt; All packages are signed by Mandriva for security. You can obtain the\r\n&gt; GPG public key of the Mandriva Security Team by executing:\r\n&gt;\r\n&gt; gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n&gt;\r\n&gt; You can view other update advisories for Mandriva Linux at:\r\n&gt;\r\n&gt; http://www.mandriva.com/en/support/security/advisories/\r\n&gt;\r\n&gt; If you want to report vulnerabilities, please contact\r\n&gt;\r\n&gt; security_&#40;at&#41;_mandriva.com\r\n&gt; _______________________________________________________________________\r\n&gt;\r\n&gt; Type Bits/KeyID Date User ID\r\n&gt; pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n&gt; &lt;security*mandriva.com&gt;\r\n&gt; -----BEGIN PGP SIGNATURE-----\r\n&gt; Version: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n&gt;\r\n&gt; iD8DBQFR4BdymqjQ0CJFipgRAq00AKCAYyUzDi7egJaYvZqvg4RtMn4WRwCfc5wk\r\n&gt; WVEnjcFUYPlgs5O07pow2iY=\r\n&gt; =aZL0\r\n&gt; -----END PGP SIGNATURE-----\r\n&gt;\r\n", "modified": "2013-07-16T00:00:00", "published": "2013-07-16T00:00:00", "id": "SECURITYVULNS:DOC:29609", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29609", "title": "Re: [ MDVSA-2013:195 ] php", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "description": "Memory corruption in XML parsing, jdtojewish function DoS.", "modified": "2013-07-16T00:00:00", "published": "2013-07-16T00:00:00", "id": "SECURITYVULNS:VULN:13189", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13189", "title": "PHP memory corruption", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:55", "bulletinFamily": "unix", "description": "\nThe PHP development team reports:\n\next/xml/xml.c in PHP before 5.3.27 does not properly\n\t consider parsing depth, which allows remote attackers to\n\t cause a denial of service (heap memory corruption) or\n\t possibly have unspecified other impact via a crafted\n\t document that is processed by the xml_parse_into_struct\n\t function.\n\n", "modified": "2013-07-10T00:00:00", "published": "2013-07-10T00:00:00", "id": "31B145F2-D9D3-49A9-8023-11CF742205DC", "href": "https://vuxml.freebsd.org/freebsd/31b145f2-d9d3-49a9-8023-11cf742205dc.html", "title": "PHP5 -- Heap corruption in XML parser", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:40", "bulletinFamily": "unix", "description": "It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. (CVE-2013-4113)\n\nIt was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. (CVE-2013-4635)", "modified": "2013-07-16T00:00:00", "published": "2013-07-16T00:00:00", "id": "USN-1905-1", "href": "https://usn.ubuntu.com/1905-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:45:48", "bulletinFamily": "unix", "description": "The following security issues have been fixed:\n\n * CVE-2013-4635 (bnc#828020): o Integer overflow in\n SdnToJewish()\n * CVE-2013-4113 (bnc#829207): o heap corruption due to\n badly formed xml\n\n Security Issues:\n\n * CVE-2013-4113\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113</a>\n &gt;\n * CVE-2013-4635\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635</a>\n &gt;\n\n", "modified": "2013-08-09T23:04:13", "published": "2013-08-09T23:04:13", "id": "SUSE-SU-2013:1316-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html", "title": "Security update for PHP5 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:47:01", "bulletinFamily": "unix", "description": "The following security issues have been fixed:\n\n * CVE-2013-4635 (bnc#828020): o Integer overflow in\n SdnToJewish()\n * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o\n reading system files via untrusted SOAP input o\n soap.wsdl_cache_dir function did not honour PHP open_basedir\n * CVE-2013-4113 (bnc#829207): o heap corruption due to\n badly formed xml\n", "modified": "2013-08-01T00:04:12", "published": "2013-08-01T00:04:12", "id": "SUSE-SU-2013:1285-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html", "title": "Security update for PHP5 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:32:37", "bulletinFamily": "unix", "description": "The following security issues have been fixed:\n\n * CVE-2013-4635 (bnc#828020): o Integer overflow in\n SdnToJewish()\n * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o\n reading system files via untrusted SOAP input o\n soap.wsdl_cache_dir function did not honour PHP open_basedir\n * CVE-2013-4113 (bnc#829207): o heap corruption due to\n badly formed xml\n\n Security Issues:\n\n * CVE-2013-4635\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635</a>\n &gt;\n * CVE-2013-4113\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113</a>\n &gt;\n * CVE-2013-1635\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635</a>\n &gt;\n * CVE-2013-1643\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643</a>\n &gt;\n\n", "modified": "2013-08-09T23:04:20", "published": "2013-08-09T23:04:20", "id": "SUSE-SU-2013:1317-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00009.html", "type": "suse", "title": "Security update for PHP5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:52:15", "bulletinFamily": "unix", "description": "The following security issues have been fixed:\n\n * CVE-2013-4635 (bnc#828020): o Integer overflow in\n SdnToJewish()\n * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o\n reading system files via untrusted SOAP input o\n soap.wsdl_cache_dir function did not honour PHP open_basedir\n * CVE-2013-4113 (bnc#829207): o heap corruption due to\n badly formed xml\n", "modified": "2013-08-09T23:04:16", "published": "2013-08-09T23:04:16", "id": "SUSE-SU-2013:1285-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00008.html", "type": "suse", "title": "Security update for PHP5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:42:03", "bulletinFamily": "unix", "description": "The following security issues have been fixed in PHP5:\n\n *\n\n CVE-2013-4635: Integer overflow in the SdnToJewish\n function in jewish.c in the Calendar component in PHP\n allowed context-dependent attackers to cause a denial of\n service (application hang) via a large argument to the\n jdtojewish function.\n\n *\n\n CVE-2013-1635: ext/soap/soap.c in PHP did not\n validate the relationship between the soap.wsdl_cache_dir\n directive and the open_basedir directive, which allowed\n remote attackers to bypass intended access restrictions by\n triggering the creation of cached SOAP WSDL files in an\n arbitrary directory.\n\n *\n\n CVE-2013-1643: The SOAP parser in PHP allowed remote\n attackers to read arbitrary files via a SOAP WSDL file\n containing an XML external entity declaration in\n conjunction with an entity reference, related to an XML\n External Entity (XXE) issue in the soap_xmlParseFile and\n soap_xmlParseMemory functions.\n\n *\n\n CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27\n does not properly consider parsing depth, which allows\n remote attackers to cause a denial of service (heap memory\n corruption) or possibly have unspecified other impact via a\n crafted document that is processed by the\n xml_parse_into_struct function.\n\n *\n\n CVE-2011-1398 / CVE-2012-4388: The sapi_header_op\n function in main/SAPI.c in PHP did not check for %0D\n sequences (aka carriage return characters), which allowed\n remote attackers to bypass an HTTP response-splitting\n protection mechanism via a crafted URL, related to improper\n interaction between the PHP header function and certain\n browsers, as demonstrated by Internet Explorer and Google\n Chrome.\n\n A hardening measure has been implemented without CVE:\n\n * use FilesMatch with 'SetHandler' rather than\n 'AddHandler' [bnc#775852]\n * fixed php bug #43200 (Interface implementation /\n inheritence not possible in abstract classes) [bnc#783239]\n", "modified": "2013-08-09T22:04:14", "published": "2013-08-09T22:04:14", "id": "SUSE-SU-2013:1315-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html", "type": "suse", "title": "Security update for PHP5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}