{"cve": [{"lastseen": "2017-04-18T15:54:45", "bulletinFamily": "NVD", "description": "The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.", "modified": "2017-01-06T21:59:47", "published": "2014-03-21T10:55:12", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2497", "id": "CVE-2014-2497", "title": "CVE-2014-2497", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:22:17", "bulletinFamily": "scanner", "description": "CVE-2014-2497 gd: NULL pointer dereference in : gdImageCreateFromXpm()\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2014-8458.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77206", "published": "2014-08-15T00:00:00", "title": "Fedora 20 : gd-2.1.0-6.fc20 (2014-8458)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-8458.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77206);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2497\");\n script_bugtraq_id(66233);\n script_xref(name:\"FEDORA\", value:\"2014-8458\");\n\n script_name(english:\"Fedora 20 : gd-2.1.0-6.fc20 (2014-8458)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-2497 gd: NULL pointer dereference in : gdImageCreateFromXpm()\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1076676\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136491.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af959355\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"gd-2.1.0-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gd\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:02", "bulletinFamily": "scanner", "description": "Updated gd and libgd packages fix security vulnerability :\n\nThe gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497).", "modified": "2019-01-02T00:00:00", "id": 
"MANDRIVA_MDVSA-2014-133.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76469", "published": "2014-07-11T00:00:00", "title": "Mandriva Linux Security Advisory : gd (MDVSA-2014:133)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:133. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76469);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2014-2497\");\n script_bugtraq_id(66233);\n script_xref(name:\"MDVSA\", value:\"2014:133\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gd (MDVSA-2014:133)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gd and libgd packages fix security vulnerability :\n\nThe gdImageCreateFromXpm function in gdxpm.c in the gd image library\nallows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted color table in an XPM\nfile (CVE-2014-2497).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0288.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gd-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gd-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gd2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"gd-utils-2.0.35-19.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gd-devel-2.0.35-19.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gd-static-devel-2.0.35-19.1.mbs1\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64gd2-2.0.35-19.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:18", "bulletinFamily": "scanner", "description": "Previous patch of #1076676 introduced memory leak.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2015-0432.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80837", "published": "2015-01-20T00:00:00", "title": "Fedora 21 : gd-2.1.0-8.fc21 (2015-0432)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-0432.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80837);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2497\");\n script_bugtraq_id(66233);\n script_xref(name:\"FEDORA\", value:\"2015-0432\");\n\n script_name(english:\"Fedora 21 : gd-2.1.0-8.fc21 (2015-0432)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Previous patch of #1076676 introduced memory leak.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1076676\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba3f4fbd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"gd-2.1.0-8.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gd\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:19", "bulletinFamily": "scanner", "description": "Previous patch of #1076676 introduced memory leak.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2015-0503.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80873", "published": "2015-01-21T00:00:00", "title": "Fedora 20 : gd-2.1.0-8.fc20 (2015-0503)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-0503.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80873);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2014-2497\");\n script_bugtraq_id(66233);\n script_xref(name:\"FEDORA\", value:\"2015-0503\");\n\n script_name(english:\"Fedora 20 : gd-2.1.0-8.fc20 (2015-0503)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Previous patch of #1076676 introduced memory leak.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1076676\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148352.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6635adb7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"gd-2.1.0-8.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gd\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:12", "bulletinFamily": "scanner", "description": "PHP5 has been updated to fix two security vulnerabilities :\n\n - Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)\n\n - NULL pointer dereference in GD XPM decoder (CVE-2014-2497)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-05-20T00:00:00", "id": "SUSE_SU-2014-0868-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83630", "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0868-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0868-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83630);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/05/20 15:11:10 $\");\n\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-4049\");\n script_bugtraq_id(66233, 68007);\n\n script_name(english:\"SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0868-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP5 has been updated to fix two security vulnerabilities :\n\n - Heap-based buffer overflow in DNS TXT record parsing\n (CVE-2014-4049)\n\n - NULL pointer dereference in GD XPM decoder\n (CVE-2014-2497)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=5a6e6d1523035a22186fef4bad38da0d\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc8643d8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-2497.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-4049.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/868624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/882992\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140868-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6bd146b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-apache2-mod_php5-9409\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
ereg(pattern:\"^2$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php5-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-bcmath-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-bz2-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-calendar-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ctype-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-curl-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dba-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dbase-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dom-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-exif-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-fastcgi-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ftp-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gd-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gettext-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gmp-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-hash-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-iconv-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-json-5.2.14-0.7.30.54.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ldap-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mbstring-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mcrypt-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mysql-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-odbc-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-openssl-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pcntl-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pdo-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pear-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pgsql-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pspell-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-shmop-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-snmp-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-soap-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-suhosin-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvmsg-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvsem-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvshm-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-tokenizer-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-wddx-5.2.14-0.7.30.54.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlreader-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlrpc-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlwriter-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xsl-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-zip-5.2.14-0.7.30.54.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-zlib-5.2.14-0.7.30.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP5\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:55", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in libgd2, a graphics library :\n\nCVE-2014-2497\n\nThe gdImageCreateFromXpm() function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service (crash) via crafted XPM files.\n\nCVE-2014-9709\n\nImporting an invalid GIF file using the gdImageCreateFromGif() function would cause a read buffer overflow that could allow remote attackers to cause a denial of service (crash) via crafted GIF files.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-06T00:00:00", "id": "DEBIAN_DLA-189.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82646", "published": "2015-04-09T00:00:00", "title": "Debian DLA-189-1 : libgd2 security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-189-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82646);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-9709\");\n script_bugtraq_id(66233, 73306);\n\n script_name(english:\"Debian DLA-189-1 : libgd2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in libgd2, a graphics \nlibrary :\n\nCVE-2014-2497\n\nThe gdImageCreateFromXpm() function would try to dereference a NULL pointer when reading an XPM file with a special color table. This\ncould allow remote attackers to cause a denial of service (crash) via\ncrafted XPM files.\n\nCVE-2014-9709\n\nImporting an invalid GIF file using the gdImageCreateFromGif()\nfunction would cause a read buffer overflow that could allow remote\nattackers to cause a denial of service (crash) via crafted GIF files.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libgd2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-noxpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-noxpm-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-xpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2-xpm-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libgd-tools\", reference:\"2.0.36~rc1~dfsg-5+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgd2-noxpm\", reference:\"2.0.36~rc1~dfsg-5+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgd2-noxpm-dev\", reference:\"2.0.36~rc1~dfsg-5+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgd2-xpm\", reference:\"2.0.36~rc1~dfsg-5+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgd2-xpm-dev\", reference:\"2.0.36~rc1~dfsg-5+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:51", "bulletinFamily": "scanner", "description": "Updated libgd packages fix security vulnerabilities :\n\nThe gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497).\n\nA buffer read overflow in gd_gif_in.c in the php#68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2015-153.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82406", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : libgd (MDVSA-2015:153)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:153. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82406);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-9709\");\n script_xref(name:\"MDVSA\", value:\"2015:153\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libgd (MDVSA-2015:153)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libgd packages fix security vulnerabilities :\n\nThe gdImageCreateFromXpm function in gdxpm.c in the gd image library\nallows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted color table in an XPM\nfile (CVE-2014-2497).\n\nA buffer read overflow in gd_gif_in.c in the php#68601 bug referenced\nin the PHP 5.5.21 ChangeLog has been fixed in the libgd package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0288.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0040.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gd-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gd-static-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gd3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"gd-utils-2.1.0-6.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64gd-devel-2.1.0-6.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64gd-static-devel-2.1.0-6.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64gd3-2.1.0-6.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:54", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in libgd2, a graphics library :\n\n - CVE-2014-2497 The gdImageCreateFromXpm() function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service (crash) via crafted XPM files.\n\n - CVE-2014-9709 Importing an invalid GIF file using the gdImageCreateFromGif() function would cause a read buffer overflow that could allow remote attackers to cause a denial of service (crash) via crafted GIF files.", "modified": "2018-11-28T00:00:00", "id": "DEBIAN_DSA-3215.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82623", "published": "2015-04-08T00:00:00", "title": "Debian DSA-3215-1 : libgd2 - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3215. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82623);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-9709\");\n script_bugtraq_id(66233, 73306);\n script_xref(name:\"DSA\", value:\"3215\");\n\n script_name(english:\"Debian DSA-3215-1 : libgd2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in libgd2, a graphics library\n:\n\n - CVE-2014-2497\n The gdImageCreateFromXpm() function would try to\n dereference a NULL pointer when reading an XPM file with\n a special color table. This could allow remote attackers\n to cause a denial of service (crash) via crafted XPM\n files.\n\n - CVE-2014-9709\n Importing an invalid GIF file using the\n gdImageCreateFromGif() function would cause a read\n buffer overflow that could allow remote attackers to\n cause a denial of service (crash) via crafted GIF files.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libgd2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3215\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libgd2 packages.\n\nFor the stable distribution 
(wheezy), these problems have been fixed\nin version 2.0.36~rc1~dfsg-6.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have\nbeen fixed in version 2.1.0-5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgd2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libgd-tools\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-noxpm\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-noxpm-dev\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-xpm\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgd2-xpm-dev\", reference:\"2.0.36~rc1~dfsg-6.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:27", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201607-04 (GD: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GD. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2016-10-10T00:00:00", "id": "GENTOO_GLSA-201607-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92348", "published": "2016-07-18T00:00:00", "title": "GLSA-201607-04 : GD: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201607-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92348);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:25:16 $\");\n\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-9709\", \"CVE-2016-3074\");\n script_xref(name:\"GLSA\", value:\"201607-04\");\n\n script_name(english:\"GLSA-201607-04 : GD: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201607-04\n(GD: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GD. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201607-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GD users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/gd-2.2.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/gd\", unaffected:make_list(\"ge 2.2.2\"), vulnerable:make_list(\"lt 
2.2.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GD\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:32", "bulletinFamily": "scanner", "description": "A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.\n\ngd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.\n\nThe gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.\n\nInteger overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 
NOTE:\nthis vulnerability exists because of an incomplete fix for CVE-2012-1571 .", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2014-415.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78358", "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : php55 (ALAS-2014-415)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-415.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78358);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-1571\", \"CVE-2014-2497\", \"CVE-2014-3587\", \"CVE-2014-5120\");\n script_xref(name:\"ALAS\", value:\"2014-415\");\n\n script_name(english:\"Amazon Linux AMI : php55 (ALAS-2014-415)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way the File Information\n(fileinfo) extension parsed certain Composite Document Format (CDF)\nfiles. 
A remote attacker could use this flaw to crash a PHP\napplication using fileinfo via a specially crafted CDF file.\n\ngd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x\nbefore 5.5.16 does not ensure that pathnames lack %00 sequences, which\nmight allow remote attackers to overwrite arbitrary files via crafted\ninput to an application that calls the (1) imagegd, (2) imagegd2, (3)\nimagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp\nfunction.\n\nThe gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP\n5.4.26 and earlier, allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\ncolor table in an XPM file.\n\nInteger overflow in the cdf_read_property_info function in cdf.c in\nfile through 5.19, as used in the Fileinfo component in PHP before\n5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a\ndenial of service (application crash) via a crafted CDF file. NOTE:\nthis vulnerability exists because of an incomplete fix for\nCVE-2012-1571 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-415.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.17-1.90.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-embedded-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.17-1.90.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.17-1.90.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xmlrpc-5.5.17-1.90.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:30:33", "bulletinFamily": "exploit", "description": "Bugtraq ID:66233\r\nCVE ID:CVE-2014-2497\r\n\r\nphp-gd is an image processing extension library.\r\n\r\nThe gdImageCreateFromXpm() function in php-gd 'gdxpm.c' has a security vulnerability: a NULL pointer dereference error occurs when strlen() is called to parse image.colorTable[i].c_color, allowing an attacker to exploit the flaw to crash applications linked against this library.\n0\nphp-gd <= v5.4.17-2\nNo detailed solution is currently available:\r\nhttp://www.php.net/", "modified": "2014-03-17T00:00:00", "published": "2014-03-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61811", "id": "SSV:61811", "title": "php-gd 'gdxpm.c' NULL pointer denial-of-service vulnerability", "type": "seebug", "sourceData": "\n php > imagecreatefromxpm("monochome-poc.xpm");\r\n\r\n(gdb) p colorTable[0]\r\n$2 = {string = 0x7fa6cec524c0 "A", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec58650 "#FFFFFF"}\r\n(gdb) p colorTable[1]\r\n$3 = {string = 0x7fa6cec58670 "B", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0,
c_color = 0x7fa6cec58690 "#CCCCCC"}\r\n(gdb) p colorTable[2]\r\n$4 = {string = 0x7fa6cec586b0 "C", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec586d0 "#999999"}\r\n(gdb) p colorTable[3]\r\n$5 = {string = 0x7fa6cec586f0 "D", symbolic = 0x0, m_color = 0x7fa6cec58710 "#666666", g4_color = 0x0, g_color = 0x0, c_color = 0x0}\r\n(gdb) p colorTable[4]\r\n$6 = {string = 0x7fa6cec58730 "E", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec58750 "#333333"}\r\n(gdb) p colorTable[5]\r\n$7 = {string = 0x7fa6cec58770 "F", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec58790 "#000000"}\r\n(gdb) c\r\nContinuing.\r\n\r\nProgram received signal SIGSEGV, Segmentation fault.\r\n__strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39\r\n39\t\tmovdqu\t(%rdi), %xmm1\r\n(gdb) bt\r\n#0 __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39\r\n#1 0x00007f009474942a in gdImageCreateFromXpm (filename=<optimized out>) at /usr/src/debug/php-5.4.17/ext/gd/libgd/gdxpm.c:42\r\n#2 0x00007f009473d2c2 in _php_image_create_from (ht=<optimized out>, return_value=0x7f00a169be98, image_type=6, tn=0x7f0094753c00 "XPM", func_p=0x7f0094749340 <gdImageCreateFromXpm>, \r\n ioctx_func_p=<optimized out>, return_value_used=<optimized out>, this_ptr=<optimized out>, return_value_ptr=<optimized out>) at /usr/src/debug/php-5.4.17/ext/gd/gd.c:2534\r\n#3 0x00007f00a19e5181 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f00a1665060) at /usr/src/debug/php-5.4.17/Zend/zend_vm_execute.h:643\r\n#4 0x00007f00a199f017 in execute (op_array=0x7f00a169acf8) at /usr/src/debug/php-5.4.17/Zend/zend_vm_execute.h:410\r\n#5 0x00007f00a1932976 in zend_eval_stringl (str=str@entry=0x7f00a1699c88 "imagecreatefromxpm(\\"0day/zero-day2.xpm\\");\\n", str_len=str_len@entry=42, retval_ptr=retval_ptr@entry=0x0, \r\n string_name=string_name@entry=0x7f00a1a0cbdf "php shell code") at 
/usr/src/debug/php-5.4.17/Zend/zend_execute_API.c:1197\r\n#6 0x00007f00a181fcdf in readline_shell_run () at /usr/src/debug/php-5.4.17/ext/readline/readline_cli.c:664\r\n#7 0x00007f00a19e78c4 in do_cli (argc=2, argv=0x7ffff35fc268) at /usr/src/debug/php-5.4.17/sapi/cli/php_cli.c:986\r\n#8 0x00007f00a179ea9a in main (argc=2, argv=0x7ffff35fc268) at /usr/src/debug/php-5.4.17/sapi/cli/php_cli.c:1364\n ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-61811"}, {"lastseen": "2017-11-19T17:30:01", "bulletinFamily": "exploit", "description": "CVE ID: CVE-2014-2497\r\n\r\nPHP is an HTML-embedded language.\r\n\r\nPHP versions 5.4.26 and 5.5.10 contain a NULL pointer dereference in the implementation of the "gdImageCreateFromXpm()" function (ext/gd/libgd/gdxpm.c); an attacker can exploit this vulnerability with a crafted XPM file to cause a crash.\n0\nPHP PHP 5.5.10\r\nPHP PHP 5.4.26\nThe vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:\r\n\r\nhttp://www.php.net/downloads.php\r\nhttps://bugs.php.net/bug.php?id=66901", "modified": "2014-03-19T00:00:00", "published": "2014-03-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61842", "id": "SSV:61842", "title": "PHP "gdImageCreateFromXpm()" NULL pointer dereference vulnerability", "type": "seebug", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED 
MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:133\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : gd\r\n Date : July 10, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated gd and libgd packages fix security vulnerability:\r\n \r\n The gdImageCreateFromXpm function in gdxpm.c in the gd image library\r\n allows remote attackers to cause a denial of service (NULL pointer\r\n dereference and application crash) via a crafted color table in an\r\n XPM file (CVE-2014-2497).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497\r\n http://advisories.mageia.org/MGASA-2014-0288.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 133d72d12a278f494662878dd8b8fafb mbs1/x86_64/gd-utils-2.0.35-19.1.mbs1.x86_64.rpm\r\n 91c8a7f9053c2c335ea49bbb30bb21fc mbs1/x86_64/lib64gd2-2.0.35-19.1.mbs1.x86_64.rpm\r\n 3422b3f8b50dc626be29096304662d56 mbs1/x86_64/lib64gd-devel-2.0.35-19.1.mbs1.x86_64.rpm\r\n 09b1c9c6e62fc636173aafac4a36f7b6 mbs1/x86_64/lib64gd-static-devel-2.0.35-19.1.mbs1.x86_64.rpm \r\n 7afba6bce1ba80c873bbe2df3bf89862 mbs1/SRPMS/gd-2.0.35-19.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFTvkGgmqjQ0CJFipgRAvdqAKClI1iC86cjSTomQLFg54I7hA4YQgCePUiG\r\njNHFELZmnm3bDXG5HDNFcUk=\r\n=jsQo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-07-22T00:00:00", "published": "2014-07-22T00:00:00", "id": "SECURITYVULNS:DOC:30948", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30948", "title": "[ MDVSA-2014:133 ] gd", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3215-1 security@debian.org\r\nhttp://www.debian.org/security/ Alessandro Ghedini \r\nApril 06, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libgd2\r\nCVE ID : CVE-2014-2497 CVE-2014-9709\r\nDebian Bug : 744719\r\n\r\nMultiple vulnerabilities were discovered in libgd2, a graphics library:\r\n\r\nCVE-2014-2497\r\n\r\n The gdImageCreateFromXpm() function would try to dereference a NULL\r\n pointer when reading an XPM file with a special color table. 
This\r\n could allow remote attackers to cause a denial of service (crash) via\r\n crafted XPM files.\r\n\r\nCVE-2014-9709\r\n\r\n Importing an invalid GIF file using the gdImageCreateFromGif() function\r\n would cause a read buffer overflow that could allow remote attackers to\r\n cause a denial of service (crash) via crafted GIF files.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 2.0.36~rc1~dfsg-6.1+deb7u1.\r\n\r\nFor the upcoming stable distribution (jessie), these problems have been\r\nfixed in version 2.1.0-5.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 2.1.0-5.\r\n\r\nWe recommend that you upgrade your libgd2 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n", "modified": "2015-04-07T00:00:00", "published": "2015-04-07T00:00:00", "id": "SECURITYVULNS:DOC:31876", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:31876", "title": "[SECURITY] [DSA 3215-1] libgd2 security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "Buffer overflow, NULL pointer dereference.", "modified": "2015-04-07T00:00:00", "published": "2015-04-07T00:00:00", "id": "SECURITYVULNS:VULN:14349", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14349", "title": "libgd / PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\r\n\r\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\r\nand address the following:\r\n\r\nAdmin Framework\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A process may gain admin privileges without properly\r\nauthenticating\r\nDescription: An issue existed when checking XPC entitlements. This\r\nissue was addressed with improved entitlement checking.\r\nCVE-ID\r\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\r\n\r\napache\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\r\nattacker to execute arbitrary code. 
These issues were addressed by\r\nupdating Apache to versions 2.4.10 and 2.2.29\r\nCVE-ID\r\nCVE-2013-0118\r\nCVE-2013-5704\r\nCVE-2013-6438\r\nCVE-2014-0098\r\nCVE-2014-0117\r\nCVE-2014-0118\r\nCVE-2014-0226\r\nCVE-2014-0231\r\nCVE-2014-3523\r\n\r\nATS\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Multiple input validation issues existed in fontd.\r\nThese issues were addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-1131 : Ian Beer of Google Project Zero\r\nCVE-2015-1132 : Ian Beer of Google Project Zero\r\nCVE-2015-1133 : Ian Beer of Google Project Zero\r\nCVE-2015-1134 : Ian Beer of Google Project Zero\r\nCVE-2015-1135 : Ian Beer of Google Project Zero\r\n\r\nCertificate Trust Policy\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Cookies belonging to one origin may be sent to another\r\norigin\r\nDescription: A cross-domain cookie issue existed in redirect\r\nhandling. Cookies set in a redirect response could be passed on to a\r\nredirect target belonging to another origin. The issue was address\r\nthrough improved handling of redirects.\r\nCVE-ID\r\nCVE-2015-1089 : Niklas Keller\r\n\r\nCFNetwork Session\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Authentication credentials may be sent to a server on\r\nanother origin\r\nDescription: A cross-domain HTTP request headers issue existed in\r\nredirect handling. HTTP request headers sent in a redirect response\r\ncould be passed on to another origin. 
The issue was addressed through\r\nimproved handling of redirects.\r\nCVE-ID\r\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\r\n\r\nCFURL\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: An input validation issue existed within URL\r\nprocessing. This issue was addressed through improved URL validation.\r\nCVE-ID\r\nCVE-2015-1088 : Luigi Galli\r\n\r\nCoreAnimation\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A use-after-free issue existed in CoreAnimation. This\r\nissue was addressed through improved mutex management.\r\nCVE-ID\r\nCVE-2015-1136 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of font files. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1093 : Marc Schoenefeld\r\n\r\nGraphics Driver\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A NULL pointer dereference existed in NVIDIA graphics\r\ndriver's handling of certain IOService userclient types. This issue\r\nwas addressed through additional context validation.\r\nCVE-ID\r\nCVE-2015-1137 :\r\nFrank Graziano and John Villamil of the Yahoo Pentest Team\r\n\r\nHypervisor\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An input validation issue existed in the hypervisor\r\nframework. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-1138 : Izik Eidus and Alex Fishman\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted .sgi file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.sgi files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-1139 : Apple\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A malicious HID device may be able to cause arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in an IOHIDFamily\r\nAPI. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1095 : Andrew Church\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative,\r\nLuca Todesco\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in IOHIDFamily that led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-1096 : Ilja van Sprundel of IOActive\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in IOHIDFamily's\r\nhandling of key-mapping properties. 
This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-4404 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved validation of IOHIDFamily key-mapping properties.\r\nCVE-ID\r\nCVE-2014-4405 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A user may be able to execute arbitrary code with system\r\nprivileges\r\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\r\ndriver. The issue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2014-4380 : cunzhang from Adlab of Venustech\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause unexpected system shutdown\r\nDescription: An issue existed in the handling of virtual memory\r\noperations within the kernel. The issue is fixed through improved\r\nhandling of the mach_vm_read operation.\r\nCVE-ID\r\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A race condition existed in the kernel's setreuid\r\nsystem call. 
This issue was addressed through improved state\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-1099 : Mark Mentovai of Google Inc.\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local application may escalate privileges using a\r\ncompromised service intended to run with reduced privileges\r\nDescription: setreuid and setregid system calls failed to drop\r\nprivileges permanently. This issue was addressed by correctly\r\ndropping privileges.\r\nCVE-ID\r\nCVE-2015-1117 : Mark Mentovai of Google Inc.\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: An attacker with a privileged network position may be able\r\nto redirect user traffic to arbitrary hosts\r\nDescription: ICMP redirects were enabled by default on OS X. This\r\nissue was addressed by disabling ICMP redirects.\r\nCVE-ID\r\nCVE-2015-1103 : Zimperium Mobile Security Labs\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: An attacker with a privileged network position may be able\r\nto cause a denial of service\r\nDescription: A state inconsistency existed in the processing of TCP\r\nheaders. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause unexpected system\r\ntermination or read kernel memory\r\nDescription: A out of bounds memory access issue existed in the\r\nkernel. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1100 : Maxime Villard of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may be able to bypass network filters\r\nDescription: The system would treat some IPv6 packets from remote\r\nnetwork interfaces as local packets. The issue was addressed by\r\nrejecting these packets.\r\nCVE-ID\r\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may be able to cause a denial of service\r\nDescription: A state inconsistency issue existed in the handling of\r\nTCP out of band data. This issue was addressed through improved state\r\nmanagement.\r\nCVE-ID\r\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\r\n\r\nLaunchServices\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to cause the Finder to crash\r\nDescription: An input validation issue existed in LaunchServices's\r\nhandling of application localization data. This issue was addressed\r\nthrough improved validation of localization data.\r\nCVE-ID\r\nCVE-2015-1142\r\n\r\nLaunchServices\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A type confusion issue existed in LaunchServices's\r\nhandling of localized strings. 
This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2015-1143 : Apple\r\n\r\nlibnetcore\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Processing a maliciously crafted configuration profile may\r\nlead to unexpected application termination\r\nDescription: A memory corruption issue existed in the handling of\r\nconfiguration profiles. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\r\nFireEye, Inc.\r\n\r\nntp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote attacker may brute force ntpd authentication keys\r\nDescription: The config_auth function in ntpd generated a weak key\r\nwhen an authentication key was not configured. This issue was\r\naddressed by improved key generation.\r\nCVE-ID\r\nCVE-2014-9298\r\n\r\nOpenLDAP\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A remote unauthenticated client may be able to cause a\r\ndenial of service\r\nDescription: Multiple input validation issues existed in OpenLDAP.\r\nThese issues were addressed by improved input validation.\r\nCVE-ID\r\nCVE-2015-1545 : Ryan Tandy\r\nCVE-2015-1546 : Ryan Tandy\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\r\nincluding one that may allow an attacker to intercept connections to\r\na server that supports export-grade ciphers. 
These issues were\r\naddressed by updating OpenSSL to version 0.9.8zd.\r\nCVE-ID\r\nCVE-2014-3569\r\nCVE-2014-3570\r\nCVE-2014-3571\r\nCVE-2014-3572\r\nCVE-2014-8275\r\nCVE-2015-0204\r\n\r\nOpen Directory Client\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A password might be sent unencrypted over the network when\r\nusing Open Directory from OS X Server\r\nDescription: If an Open Directory client was bound to an OS X Server\r\nbut did not install the certificates of the OS X Server, and then a\r\nuser on that client changed their password, the password change\r\nrequest was sent over the network without encryption. This issue was\r\naddressed by having the client require encryption for this case.\r\nCVE-ID\r\nCVE-2015-1147 : Apple\r\n\r\nPHP\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\r\narbitrary code execution. This update addresses the issues by\r\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20.\r\nCVE-ID\r\nCVE-2013-6712\r\nCVE-2014-0207\r\nCVE-2014-0237\r\nCVE-2014-0238\r\nCVE-2014-2497\r\nCVE-2014-3478\r\nCVE-2014-3479\r\nCVE-2014-3480\r\nCVE-2014-3487\r\nCVE-2014-3538\r\nCVE-2014-3587\r\nCVE-2014-3597\r\nCVE-2014-3668\r\nCVE-2014-3669\r\nCVE-2014-3670\r\nCVE-2014-3710\r\nCVE-2014-3981\r\nCVE-2014-4049\r\nCVE-2014-4670\r\nCVE-2014-4698\r\nCVE-2014-5120\r\n\r\nQuickLook\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Opening a maliciously crafted iWork file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\niWork files. 
This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-1098 : Christopher Hickstein\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. Viewing a maliciously crafted Collada file may have\r\nled to arbitrary code execution. This issue was addressed through\r\nimproved validation of accessor elements.\r\nCVE-ID\r\nCVE-2014-8830 : Jose Duart of Google Security Team\r\n\r\nScreen Sharing\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: A user's password may be logged to a local file\r\nDescription: In some circumstances, Screen Sharing may log a user's\r\npassword that is not readable by other users on the system. This\r\nissue was addressed by removing logging of credential.\r\nCVE-ID\r\nCVE-2015-1148 : Apple\r\n\r\nSecurity - Code Signing\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: Tampered applications may not be prevented from launching\r\nDescription: Applications containing specially crafted bundles may\r\nhave been able to launch without a completely valid signature. This\r\nissue was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-1145\r\nCVE-2015-1146\r\n\r\nUniformTypeIdentifiers\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.2\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow existed in the way Uniform Type\r\nIdentifiers were handled. 
This issue was addressed with improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-1144 : Apple\r\n\r\nWebKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.2\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in WebKit. This\r\nissues was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative\r\n\r\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\r\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\r\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\r\nRemote Apple Events clients on any version from connecting to the\r\nRemote Apple Events server. In default configurations, Remote Apple\r\nEvents is not enabled.\r\n\r\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5.\r\nhttps://support.apple.com/en-us/HT204658\r\n\r\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - 
http://gpgtools.org\r\n\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:DOC:31890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31890", "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "80 different vulnerabilities.", "modified": "2015-04-13T00:00:00", "published": "2015-04-13T00:00:00", "id": "SECURITYVULNS:VULN:14366", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14366", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:52:06", "bulletinFamily": "scanner", "description": "Check the version of gd", "modified": "2017-07-10T00:00:00", "published": "2015-01-19T00:00:00", "id": "OPENVAS:1361412562310868935", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868935", 
"title": "Fedora Update for gd FEDORA-2015-0432", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gd FEDORA-2015-0432\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868935\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-19 05:50:15 +0100 (Mon, 19 Jan 2015)\");\n script_cve_id(\"CVE-2014-2497\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for gd FEDORA-2015-0432\");\n script_tag(name: \"summary\", value: \"Check the version of gd\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The gd graphics library allows your code\nto quickly draw images complete with 
lines, arcs, text, multiple colors, cut and\npaste from other images, and flood fills, and to write out the result as a PNG or\nJPEG file. This is particularly useful in Web applications, where PNG and JPEG\nare two of the formats accepted for inline images by most browsers. Note that gd\nis not a paint program.\");\n script_tag(name: \"affected\", value: \"gd on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-0432\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148320.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"gd\", rpm:\"gd~2.1.0~8.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:43", "bulletinFamily": "scanner", "description": "Check for the Version of gd", "modified": "2018-04-06T00:00:00", "published": "2014-08-15T00:00:00", "id": "OPENVAS:1361412562310868090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868090", "title": "Fedora Update for gd FEDORA-2014-8458", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for gd FEDORA-2014-8458\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868090\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-15 05:56:01 +0200 (Fri, 15 Aug 2014)\");\n script_cve_id(\"CVE-2014-2497\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for gd FEDORA-2014-8458\");\n\n tag_insight = \"The gd graphics library allows your code to quickly draw images\ncomplete with lines, arcs, text, multiple colors, cut and paste from\nother images, and flood fills, and to write out the result as a PNG or\nJPEG file. This is particularly useful in Web applications, where PNG\nand JPEG are two of the formats accepted for inline images by most\nbrowsers. 
Note that gd is not a paint program.\n\";\n\n tag_affected = \"gd on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-8458\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136491.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of gd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"gd\", rpm:\"gd~2.1.0~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:36", "bulletinFamily": "scanner", "description": "Check the version of gd", "modified": "2017-07-10T00:00:00", "published": "2015-01-21T00:00:00", "id": "OPENVAS:1361412562310868938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868938", "title": "Fedora Update for gd FEDORA-2015-0503", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gd FEDORA-2015-0503\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868938\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-21 05:46:40 +0100 (Wed, 21 Jan 2015)\");\n script_cve_id(\"CVE-2014-2497\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for gd FEDORA-2015-0503\");\n script_tag(name: \"summary\", value: \"Check the version of gd\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The gd graphics library allows your code\nto quickly draw images complete with lines, arcs, text, multiple colors, cut and\npaste from other images, and flood fills, and to write out the result as a PNG or\nJPEG file. This is particularly useful in Web applications, where PNG and JPEG\nare two of the formats accepted for inline images by most browsers. 
Note that gd\nis not a paint program.\");\n script_tag(name: \"affected\", value: \"gd on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-0503\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148352.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"gd\", rpm:\"gd~2.1.0~8.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:40:37", "bulletinFamily": "scanner", "description": "This host is installed with PHP and is prone to denial of service\n vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2014-05-09T00:00:00", "id": "OPENVAS:1361412562310804292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804292", "title": "PHP 'LibGD' Denial of Service Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_libgd_dos_vuln.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# PHP 'LibGD' Denial of Service Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# 
Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804292\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-2497\");\n script_bugtraq_id(66233);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-09 14:18:22 +0530 (Fri, 09 May 2014)\");\n script_name(\"PHP 'LibGD' Denial of Service Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone to denial of service\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to a NULL pointer dereference error in 'gdImageCreateFromXpm'\n function within LibGD.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\n service attacks.\");\n\n script_tag(name:\"affected\", value:\"PHP version 
5.x through 5.4.26 and probably other versions.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.4.32 or 5.5.16 or 5.6.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=66901\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\");\n script_mandatory_keys(\"php/installed\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://php.net\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_in_range(version:phpVer, test_version:\"5.0.0\", test_version2:\"5.4.26\")){\n report = report_fixed_ver(installed_version:phpVer, fixed_version:\"5.4.32/5.5.16/5.6.0\");\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:52:56", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were\ndiscovered in libgd2, a graphics library:\n\nCVE-2014-2497 \nThe gdImageCreateFromXpm() function would try to dereference a NULL\npointer when reading an XPM file with a special color table. 
This\ncould allow remote attackers to cause a denial of service (crash) via\ncrafted XPM files.\n\nCVE-2014-9709 \nImporting an invalid GIF file using the gdImageCreateFromGif() function\nwould cause a read buffer overflow that could allow remote attackers to\ncause a denial of service (crash) via crafted GIF files.", "modified": "2017-07-07T00:00:00", "published": "2015-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703215", "id": "OPENVAS:703215", "title": "Debian Security Advisory DSA 3215-1 (libgd2 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3215.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3215-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703215);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-9709\");\n script_name(\"Debian Security Advisory DSA 3215-1 (libgd2 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-06 00:00:00 +0200 (Mon, 06 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3215.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libgd2 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.1.0-5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.0-5.\n\nWe recommend that you upgrade your libgd2 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\ndiscovered in libgd2, a graphics library:\n\nCVE-2014-2497 \nThe gdImageCreateFromXpm() function would 
try to dereference a NULL\npointer when reading an XPM file with a special color table. This\ncould allow remote attackers to cause a denial of service (crash) via\ncrafted XPM files.\n\nCVE-2014-9709 \nImporting an invalid GIF file using the gdImageCreateFromGif() function\nwould cause a read buffer overflow that could allow remote attackers to\ncause a denial of service (crash) via crafted GIF files.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libgd-tools\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm-dev:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm-dev:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm-dev:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm-dev:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:24", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were\ndiscovered in libgd2, a graphics library:\n\nCVE-2014-2497 \nThe gdImageCreateFromXpm() function would try to dereference a NULL\npointer when reading an XPM file with a special color table. This\ncould allow remote attackers to cause a denial of service (crash) via\ncrafted XPM files.\n\nCVE-2014-9709 \nImporting an invalid GIF file using the gdImageCreateFromGif() function\nwould cause a read buffer overflow that could allow remote attackers to\ncause a denial of service (crash) via crafted GIF files.", "modified": "2018-04-06T00:00:00", "published": "2015-04-06T00:00:00", "id": "OPENVAS:1361412562310703215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703215", "title": "Debian Security Advisory DSA 3215-1 (libgd2 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3215.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3215-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703215\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-9709\");\n script_name(\"Debian Security Advisory DSA 3215-1 (libgd2 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-04-06 00:00:00 +0200 (Mon, 06 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3215.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libgd2 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.1.0-5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.0-5.\n\nWe recommend that you upgrade your libgd2 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\ndiscovered in libgd2, a graphics library:\n\nCVE-2014-2497 \nThe 
gdImageCreateFromXpm() function would try to dereference a NULL\npointer when reading an XPM file with a special color table. This\ncould allow remote attackers to cause a denial of service (crash) via\ncrafted XPM files.\n\nCVE-2014-9709 \nImporting an invalid GIF file using the gdImageCreateFromGif() function\nwould cause a read buffer overflow that could allow remote attackers to\ncause a denial of service (crash) via crafted GIF files.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libgd-tools\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm-dev:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-noxpm-dev:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm-dev:amd64\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgd2-xpm-dev:i386\", ver:\"2.0.36~rc1~dfsg-6.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\n\nif 
(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:02:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851079", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851079", "title": "SuSE Update for PHP5 SUSE-SU-2014:0868-1 (PHP5)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0868_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for PHP5 SUSE-SU-2014:0868-1 (PHP5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851079\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:38:19 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-4049\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for PHP5 SUSE-SU-2014:0868-1 (PHP5)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'PHP5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP5 has been updated to fix two security vulnerabilities:\n\n * Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)\n\n * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)\");\n\n script_tag(name:\"affected\", value:\"PHP5 on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0868_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-exif\", 
rpm:\"php5-exif~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mysql\", 
rpm:\"php5-mysql~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvmsg\", 
rpm:\"php5-sysvmsg~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.14~0.7.30.54.1\", rls:\"SLES11.0SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:23:50", "bulletinFamily": "scanner", 
"description": "Oracle Linux Local Security Checks ELSA-2014-1326", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123296", "title": "Oracle Linux Local Check: ELSA-2014-1326", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1326.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123296\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:54 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1326\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1326 - php53 and php security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1326\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1326.html\");\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-3587\", \"CVE-2014-3597\", \"CVE-2014-4670\", \"CVE-2014-4698\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-cli\", rpm:\"php53-cli~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-common\", rpm:\"php53-common~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"php53-devel\", rpm:\"php53-devel~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-imap\", rpm:\"php53-imap~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-process\", rpm:\"php53-process~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xml\", rpm:\"php53-xml~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.3~24.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-bcmath\", rpm:\"php-bcmath~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-dba\", rpm:\"php-dba~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-devel\", rpm:\"php-devel~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-embedded\", rpm:\"php-embedded~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-enchant\", rpm:\"php-enchant~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-fpm\", rpm:\"php-fpm~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-gd\", 
rpm:\"php-gd~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-imap\", rpm:\"php-imap~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-intl\", rpm:\"php-intl~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mbstring\", rpm:\"php-mbstring~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-pspell\", rpm:\"php-pspell~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-snmp\", rpm:\"php-snmp~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n 
if ((res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-tidy\", rpm:\"php-tidy~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"php-zts\", rpm:\"php-zts~5.3.3~27.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:02:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850787", "title": "SuSE Update for php53 SUSE-SU-2014:0869-1 (php53)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0869_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for php53 SUSE-SU-2014:0869-1 (php53)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850787\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-0237\", \"CVE-2014-0238\", \"CVE-2014-2497\", \"CVE-2014-4049\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for php53 SUSE-SU-2014:0869-1 (php53)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php53'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"php53 was updated to fix the following security vulnerabilities:\n\n * Heap-based buffer overflow in DNS TXT record parsing. (CVE-2014-4049)\n\n * Denial of service in Fileinfo component. (CVE-2014-0238)\n\n * Performance degradation by too many file_printf calls.\n (CVE-2014-0237)\n\n * NULL pointer dereference in GD XPM decoder. 
(CVE-2014-2497)\n\n Security Issues references:\n\n * CVE-2014-4049\n\n * CVE-2014-0238\n\n * CVE-2014-0237\n\n * CVE-2014-2497\");\n script_tag(name:\"affected\", value:\"php53 on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0869_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2-mod_php53\", rpm:\"apache2-mod_php53~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53\", rpm:\"php53~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bcmath\", rpm:\"php53-bcmath~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-bz2\", rpm:\"php53-bz2~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-calendar\", rpm:\"php53-calendar~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ctype\", rpm:\"php53-ctype~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-curl\", rpm:\"php53-curl~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dba\", rpm:\"php53-dba~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-dom\", rpm:\"php53-dom~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-exif\", rpm:\"php53-exif~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-fastcgi\", rpm:\"php53-fastcgi~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-fileinfo\", rpm:\"php53-fileinfo~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-ftp\", rpm:\"php53-ftp~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gd\", rpm:\"php53-gd~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gettext\", rpm:\"php53-gettext~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-gmp\", rpm:\"php53-gmp~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-iconv\", rpm:\"php53-iconv~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-intl\", rpm:\"php53-intl~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-json\", rpm:\"php53-json~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"php53-ldap\", rpm:\"php53-ldap~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mbstring\", rpm:\"php53-mbstring~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mcrypt\", rpm:\"php53-mcrypt~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-mysql\", rpm:\"php53-mysql~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-odbc\", rpm:\"php53-odbc~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-openssl\", rpm:\"php53-openssl~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pcntl\", rpm:\"php53-pcntl~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pdo\", rpm:\"php53-pdo~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pear\", rpm:\"php53-pear~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pgsql\", rpm:\"php53-pgsql~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-pspell\", rpm:\"php53-pspell~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-shmop\", rpm:\"php53-shmop~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-snmp\", rpm:\"php53-snmp~5.3.17~0.23.5\", 
rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-soap\", rpm:\"php53-soap~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-suhosin\", rpm:\"php53-suhosin~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-sysvmsg\", rpm:\"php53-sysvmsg~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-sysvsem\", rpm:\"php53-sysvsem~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-sysvshm\", rpm:\"php53-sysvshm~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-tokenizer\", rpm:\"php53-tokenizer~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-wddx\", rpm:\"php53-wddx~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlreader\", rpm:\"php53-xmlreader~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlrpc\", rpm:\"php53-xmlrpc~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xmlwriter\", rpm:\"php53-xmlwriter~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-xsl\", rpm:\"php53-xsl~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-zip\", rpm:\"php53-zip~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php53-zlib\", rpm:\"php53-zlib~5.3.17~0.23.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:00:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-06-01T00:00:00", "id": "OPENVAS:1361412562310842778", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842778", "title": "Ubuntu Update for libgd2 USN-2987-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libgd2 USN-2987-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842778\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-01 05:24:20 +0200 (Wed, 01 Jun 2016)\");\n script_cve_id(\"CVE-2014-2497\", \"CVE-2014-9709\", \"CVE-2015-8874\", \"CVE-2015-8877\", \"CVE-2016-3074\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libgd2 USN-2987-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgd2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the GD library\n incorrectly handled certain color tables in XPM images. If a user or automated\n system were tricked into processing a specially crafted XPM image, an attacker\n could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and\n Ubuntu 14.04 LTS. (CVE-2014-2497)\n\n It was discovered that the GD library incorrectly handled certain malformed\n GIF images. 
If a user or automated system were tricked into processing a\n specially crafted GIF image, an attacker could cause a denial of service.\n This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n (CVE-2014-9709)\n\n It was discovered that the GD library incorrectly handled memory when using\n gdImageFillToBorder(). A remote attacker could possibly use this issue to\n cause a denial of service. (CVE-2015-8874)\n\n It was discovered that the GD library incorrectly handled memory when using\n gdImageScaleTwoPass(). A remote attacker could possibly use this issue to\n cause a denial of service. This issue only applied to Ubuntu 14.04 LTS,\n Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877)\n\n Hans Jerry Illikainen discovered that the GD library incorrectly handled\n certain malformed GD images. If a user or automated system were tricked\n into processing a specially crafted GD image, an attacker could cause a\n denial of service or possibly execute arbitrary code. (CVE-2016-3074)\");\n script_tag(name:\"affected\", value:\"libgd2 on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2987-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2987-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"libgd3:i386\", ver:\"2.1.0-3ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd3:amd64\", ver:\"2.1.0-3ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgd2-noxpm:amd64\", ver:\"2.0.36~rc1~dfsg-6ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd2-noxpm:i386\", ver:\"2.0.36~rc1~dfsg-6ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd2-xpm:i386\", ver:\"2.0.36~rc1~dfsg-6ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd2-xpm:amd64\", ver:\"2.0.36~rc1~dfsg-6ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgd3:i386\", ver:\"2.1.1-4ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd3:amd64\", ver:\"2.1.1-4ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgd3:amd64\", ver:\"2.1.1-4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgd3:i386\", ver:\"2.1.1-4ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:16", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3215-1 security@debian.org\nhttp://www.debian.org/security/ Alessandro Ghedini \nApril 06, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libgd2\nCVE ID : CVE-2014-2497 CVE-2014-9709\nDebian Bug : 744719\n\nMultiple vulnerabilities were discovered in libgd2, a graphics library:\n\nCVE-2014-2497\n\n The gdImageCreateFromXpm() function would try to dereference a NULL\n pointer when reading an XPM file with a special color table. This\n could allow remote attackers to cause a denial of service (crash) via\n crafted XPM files.\n\nCVE-2014-9709\n\n Importing an invalid GIF file using the gdImageCreateFromGif() function\n would cause a read buffer overflow that could allow remote attackers to\n cause a denial of service (crash) via crafted GIF files.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.36~rc1~dfsg-6.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.1.0-5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.0-5.\n\nWe recommend that you upgrade your libgd2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-04-06T18:33:19", "published": "2015-04-06T18:33:19", "id": "DEBIAN:DSA-3215-1:57CF8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00102.html", "title": "[SECURITY] [DSA 3215-1] libgd2 security update", "type": "debian", "cvss": 
{"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:53", "bulletinFamily": "unix", "description": "Package : libgd2\nVersion : 2.0.36~rc1~dfsg-5+deb6u1\nCVE ID : CVE-2014-2497 CVE-2014-9709\nDebian Bug : 744719\n\nMultiple vulnerabilities were discovered in libgd2, a graphics library:\n\nCVE-2014-2497\n\n The gdImageCreateFromXpm() function would try to dereference a NULL\n pointer when reading an XPM file with a special color table. This\n could allow remote attackers to cause a denial of service (crash) via\n crafted XPM files.\n\nCVE-2014-9709\n\n Importing an invalid GIF file using the gdImageCreateFromGif() function\n would cause a read buffer overflow that could allow remote attackers to\n cause a denial of service (crash) via crafted GIF files.\n\n", "modified": "2015-04-08T17:30:26", "published": "2015-04-08T17:30:26", "id": "DEBIAN:DLA-189-1:098BE", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00003.html", "title": "[SECURITY] [DLA 189-1] libgd2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:35:06", "bulletinFamily": "unix", "description": "PHP5 has been updated to fix two security vulnerabilities:\n\n * Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)\n * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)\n", "modified": "2014-07-04T00:04:20", "published": "2014-07-04T00:04:20", "id": "SUSE-SU-2014:0868-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html", "type": "suse", "title": "Security update for PHP5 (important)", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:17:56", "bulletinFamily": "unix", "description": "PHP5 has been updated to fix four security vulnerabilities:\n\n * Heap-based buffer 
overflow in DNS TXT record parsing (CVE-2014-4049)\n * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)\n * Memory corruption in openssl_parse_x509 (CVE-2013-6420)\n * Attackers can perform man-in-the-middle attacks by specially\n crafting certificates (CVE-2013-4248)\n\n Security Issues:\n\n * CVE-2014-4049\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049>\n * CVE-2014-2497\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497>\n * CVE-2013-6420\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420>\n * CVE-2013-4248\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248>\n\n\n", "modified": "2014-07-05T02:05:05", "published": "2014-07-05T02:05:05", "id": "SUSE-SU-2014:0873-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00004.html", "title": "Security update for PHP5 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:54", "bulletinFamily": "unix", "description": "php53 was updated to fix the following security vulnerabilities:\n\n * Heap-based buffer overflow in DNS TXT record parsing. (CVE-2014-4049)\n * Denial of service in Fileinfo component. (CVE-2014-0238)\n * Performance degradation by too many file_printf calls.\n (CVE-2014-0237)\n * NULL pointer dereference in GD XPM decoder. 
(CVE-2014-2497)\n\n Security Issues references:\n\n * CVE-2014-4049\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049>\n * CVE-2014-0238\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238>\n * CVE-2014-0237\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237>\n * CVE-2014-2497\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497>\n\n", "modified": "2014-07-04T01:04:18", "published": "2014-07-04T01:04:18", "id": "SUSE-SU-2014:0869-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html", "type": "suse", "title": "Security update for php53 (important)", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:50:21", "bulletinFamily": "unix", "description": "PHP5 has been updated to fix four security vulnerabilities:\n\n * Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)\n * Heap based buffer overflow in time handling in openssl_x509_parse\n (CVE-2013-6420)\n * Man in the Middle attack in the openssl_x509_parse due to lack\n of \\0 handling (CVE-2013-4248)\n * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)\n\n Security Issues:\n\n * CVE-2014-4049\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049>\n * CVE-2013-6420\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420>\n * CVE-2013-4248\n 
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248>\n * CVE-2014-2497\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497>\n\n", "modified": "2014-07-07T19:04:42", "published": "2014-07-07T19:04:42", "id": "SUSE-SU-2014:0873-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00005.html", "title": "Security update for PHP5 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:50", "bulletinFamily": "unix", "description": "### Background\n\nGD is a graphic library for fast image creation.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GD users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/gd-2.2.2\"", "modified": "2016-07-16T00:00:00", "published": "2016-07-16T00:00:00", "id": "GLSA-201607-04", "href": "https://security.gentoo.org/glsa/201607-04", "type": "gentoo", "title": "GD: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:57", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP 5.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.5.16\"\n \n\nAll PHP 5.4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.4.32\"\n \n\nAll PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively. \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/php-5.3.29\"", "modified": "2015-08-22T00:00:00", "published": "2014-08-29T00:00:00", "id": "GLSA-201408-11", "href": "https://security.gentoo.org/glsa/201408-11", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:25:49", "bulletinFamily": "software", "description": "USN-2987-1 GD library vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nlibgd2, Canonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS \n\n# Description\n\nIt was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. 
([CVE-2014-2497](<http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2497.html>))\n\nIt was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. ([CVE-2014-9709](<http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9709.html>))\n\nIt was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. ([CVE-2015-8874](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8874.html>))\n\nIt was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. ([CVE-2015-8877](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8877.html>))\n\nHans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. 
([CVE-2016-3074](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3074.html>))\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to v.1.64.0 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.64.0 or later versions \n\n# Credit\n\nHans Jerry Illikainen\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2987-1/>\n * <http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2497.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9709.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8874.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8877.html>\n * <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3074.html>\n", "modified": "2016-06-13T00:00:00", "published": "2016-06-13T00:00:00", "id": "CFOUNDRY:29A67C6EFF8B00905B423AF785FD3E4C", "href": "https://www.cloudfoundry.org/blog/usn-2987-1/", "title": "USN-2987-1 GD library vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:21", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. 
\n\ngd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. \n\nThe gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. \n\nInteger overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for [CVE-2012-1571 __](<https://access.redhat.com/security/cve/CVE-2012-1571>).\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-opcache-5.5.17-1.90.amzn1.i686 \n php55-bcmath-5.5.17-1.90.amzn1.i686 \n php55-fpm-5.5.17-1.90.amzn1.i686 \n php55-recode-5.5.17-1.90.amzn1.i686 \n php55-pgsql-5.5.17-1.90.amzn1.i686 \n php55-snmp-5.5.17-1.90.amzn1.i686 \n php55-embedded-5.5.17-1.90.amzn1.i686 \n php55-ldap-5.5.17-1.90.amzn1.i686 \n php55-pdo-5.5.17-1.90.amzn1.i686 \n php55-tidy-5.5.17-1.90.amzn1.i686 \n php55-enchant-5.5.17-1.90.amzn1.i686 \n php55-intl-5.5.17-1.90.amzn1.i686 \n php55-pspell-5.5.17-1.90.amzn1.i686 \n php55-soap-5.5.17-1.90.amzn1.i686 \n php55-common-5.5.17-1.90.amzn1.i686 \n php55-xmlrpc-5.5.17-1.90.amzn1.i686 \n php55-gmp-5.5.17-1.90.amzn1.i686 \n php55-xml-5.5.17-1.90.amzn1.i686 \n php55-devel-5.5.17-1.90.amzn1.i686 \n php55-mssql-5.5.17-1.90.amzn1.i686 \n php55-debuginfo-5.5.17-1.90.amzn1.i686 \n 
php55-gd-5.5.17-1.90.amzn1.i686 \n php55-dba-5.5.17-1.90.amzn1.i686 \n php55-imap-5.5.17-1.90.amzn1.i686 \n php55-mbstring-5.5.17-1.90.amzn1.i686 \n php55-mcrypt-5.5.17-1.90.amzn1.i686 \n php55-mysqlnd-5.5.17-1.90.amzn1.i686 \n php55-odbc-5.5.17-1.90.amzn1.i686 \n php55-5.5.17-1.90.amzn1.i686 \n php55-cli-5.5.17-1.90.amzn1.i686 \n php55-process-5.5.17-1.90.amzn1.i686 \n \n src: \n php55-5.5.17-1.90.amzn1.src \n \n x86_64: \n php55-fpm-5.5.17-1.90.amzn1.x86_64 \n php55-ldap-5.5.17-1.90.amzn1.x86_64 \n php55-intl-5.5.17-1.90.amzn1.x86_64 \n php55-odbc-5.5.17-1.90.amzn1.x86_64 \n php55-mbstring-5.5.17-1.90.amzn1.x86_64 \n php55-gmp-5.5.17-1.90.amzn1.x86_64 \n php55-pgsql-5.5.17-1.90.amzn1.x86_64 \n php55-cli-5.5.17-1.90.amzn1.x86_64 \n php55-bcmath-5.5.17-1.90.amzn1.x86_64 \n php55-gd-5.5.17-1.90.amzn1.x86_64 \n php55-xmlrpc-5.5.17-1.90.amzn1.x86_64 \n php55-tidy-5.5.17-1.90.amzn1.x86_64 \n php55-mssql-5.5.17-1.90.amzn1.x86_64 \n php55-devel-5.5.17-1.90.amzn1.x86_64 \n php55-xml-5.5.17-1.90.amzn1.x86_64 \n php55-mcrypt-5.5.17-1.90.amzn1.x86_64 \n php55-pspell-5.5.17-1.90.amzn1.x86_64 \n php55-soap-5.5.17-1.90.amzn1.x86_64 \n php55-pdo-5.5.17-1.90.amzn1.x86_64 \n php55-common-5.5.17-1.90.amzn1.x86_64 \n php55-opcache-5.5.17-1.90.amzn1.x86_64 \n php55-embedded-5.5.17-1.90.amzn1.x86_64 \n php55-enchant-5.5.17-1.90.amzn1.x86_64 \n php55-imap-5.5.17-1.90.amzn1.x86_64 \n php55-5.5.17-1.90.amzn1.x86_64 \n php55-snmp-5.5.17-1.90.amzn1.x86_64 \n php55-debuginfo-5.5.17-1.90.amzn1.x86_64 \n php55-mysqlnd-5.5.17-1.90.amzn1.x86_64 \n php55-process-5.5.17-1.90.amzn1.x86_64 \n php55-recode-5.5.17-1.90.amzn1.x86_64 \n php55-dba-5.5.17-1.90.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T12:11:00", "published": "2014-09-19T12:11:00", "id": "ALAS-2014-415", "href": "https://alas.aws.amazon.com/ALAS-2014-415.html", "title": "Medium: php55", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": 
"2018-08-31T00:09:00", "bulletinFamily": "unix", "description": "It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2497)\n\nIt was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9709)\n\nIt was discovered that the GD library incorrectly handled memory when using gdImageFillToBorder(). A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8874)\n\nIt was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2015-8877)\n\nHans Jerry Illikainen discovered that the GD library incorrectly handled certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2016-3074)", "modified": "2016-05-31T00:00:00", "published": "2016-05-31T00:00:00", "id": "USN-2987-1", "href": "https://usn.ubuntu.com/2987-1/", "title": "GD library vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:26:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1326\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. 
PHP's fileinfo module provides functions used to identify a\nparticular file according to the type of data contained by the file.\n\nIt was found that the fix for CVE-2012-1571 was incomplete; the File\nInformation (fileinfo) extension did not correctly parse certain Composite\nDocument Format (CDF) files. A remote attacker could use this flaw to crash\na PHP application using fileinfo via a specially crafted CDF file.\n(CVE-2014-3587)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP's gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nMultiple buffer over-read flaws were found in the php_parserr() function of\nPHP. A malicious DNS server or a man-in-the-middle attacker could possibly\nuse this flaw to execute arbitrary code as the PHP interpreter if a PHP\napplication used the dns_get_record() function to perform a DNS query.\n(CVE-2014-3597)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. (CVE-2014-4670, CVE-2014-4698)\n\nThe CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat\nBaseOS QE.\n\nAll php53 and php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-September/020602.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-September/020654.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\nphp53\nphp53-bcmath\nphp53-cli\nphp53-common\nphp53-dba\nphp53-devel\nphp53-gd\nphp53-imap\nphp53-intl\nphp53-ldap\nphp53-mbstring\nphp53-mysql\nphp53-odbc\nphp53-pdo\nphp53-pgsql\nphp53-process\nphp53-pspell\nphp53-snmp\nphp53-soap\nphp53-xml\nphp53-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1326.html", "modified": "2014-09-30T11:23:15", "published": "2014-09-30T10:27:47", "href": "http://lists.centos.org/pipermail/centos-announce/2014-September/020602.html", "id": "CESA-2014:1326", "title": "php, php53 security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:26:14", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1327\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. PHP's fileinfo module provides functions used to identify a\nparticular file according to the type of data contained by the file.\n\nA buffer overflow flaw was found in the way the File Information (fileinfo)\nextension processed certain Pascal strings. 
A remote attacker able to make\na PHP application using fileinfo convert a specially crafted Pascal string\nprovided by an image file could cause that application to crash.\n(CVE-2014-3478)\n\nMultiple flaws were found in the File Information (fileinfo) extension\nregular expression rules for detecting various files. A remote attacker\ncould use either of these flaws to cause a PHP application using fileinfo\nto consume an excessive amount of CPU. (CVE-2014-3538)\n\nIt was found that the fix for CVE-2012-1571 was incomplete; the File\nInformation (fileinfo) extension did not correctly parse certain Composite\nDocument Format (CDF) files. A remote attacker could use this flaw to crash\na PHP application using fileinfo via a specially crafted CDF file.\n(CVE-2014-3587)\n\nIt was found that PHP's gd extension did not properly handle file names\nwith a null character. A remote attacker could possibly use this flaw to\nmake a PHP application access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2014-5120)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP's gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nMultiple buffer over-read flaws were found in the php_parserr() function of\nPHP. A malicious DNS server or a man-in-the-middle attacker could possibly\nuse this flaw to execute arbitrary code as the PHP interpreter if a PHP\napplication used the dns_get_record() function to perform a DNS query.\n(CVE-2014-3597)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. 
(CVE-2014-4670, CVE-2014-4698)\n\nThe CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat\nProduct Security, the CVE-2014-3538 issue was discovered by Jan Kalu\u017ea of\nthe Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by\nDavid Kut\u00e1lek of the Red Hat BaseOS QE.\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-September/020604.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1327.html", "modified": "2014-09-30T10:59:18", "published": "2014-09-30T10:59:18", "href": "http://lists.centos.org/pipermail/centos-announce/2014-September/020604.html", "id": "CESA-2014:1327", "title": "php security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2018-01-23T12:54:19", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 479897 (BIG-IP), ID 486354 (BIG-IQ), and ID 486355 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H480933 on the **Diagnostics **> **Identified **> **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.6.0* \n10.0.0 - 10.2.4* | 12.0.0 | Configuration utility \nBIG-IP AAM | 11.4.0 - 11.6.0* | 12.0.0 | Configuration utility \nBIG-IP AFM | 11.3.0 - 11.6.0* | 12.0.0 | Configuration utility \nBIG-IP Analytics | 11.0.0 - 11.6.0* | 12.0.0 | Configuration utility \nBIG-IP APM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* | 12.0.0 | Configuration utility \nBIG-IP ASM | 11.0.0 - 11.6.0* \n10.0.0 - 10.2.4* | 12.0.0 | Configuration utility \nBIG-IP DNS | None | 12.0.0 | None \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* | None | Configuration utility \nBIG-IP GTM | 11.0.0 - 11.6.0* \n10.0.0 - 10.2.4* | None | Configuration utility \nBIG-IP Link Controller | 11.0.0 - 11.6.0* \n10.0.0 - 10.2.4* | 12.0.0 | Configuration utility \nBIG-IP PEM | 11.3.0 - 11.6.0* | 12.0.0 | Configuration utility \nBIG-IP PSM | 11.0.0 - 11.4.1* \n10.0.0 - 10.2.4* | None | Configuration utility \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0* \n10.0.0 - 10.2.4* | None | Configuration utility \nBIG-IP WOM | 11.0.0 - 11.3.0* \n10.0.0 - 10.2.4* | None | Configuration utility \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | 3.0.0 - 3.1.1* \n2.1.0 - 2.3.0* | None | Configuration utility \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ ADC | 4.5.0* | None | Configuration utility \nBIG-IQ Cloud | 4.0.0 - 4.5.0* | None | Configuration utility \nBIG-IQ Device | 4.2.0 - 4.5.0* | None | Configuration utility \nBIG-IQ Security | 
4.0.0 - 4.5.0* | None | Configuration utility \n \n*The affected versions ship with vulnerable code; however, F5 Product Development has determined that the vulnerability is unlikely to be exploited as BIG-IP, BIG-IQ, and Enterprise Manager have mitigations in place.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:06:00", "published": "2014-10-30T19:36:00", "href": "https://support.f5.com/csp/article/K15761", "id": "F5:K15761", "title": "Multiple PHP 5.x vulnerabilities", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:20", "bulletinFamily": "software", "description": " * [CVE-2014-2497](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2497>)\n\nThe gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.\n\n * [CVE-2014-3597](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3597>)\n\nMultiple buffer overflows in the php_parserr 
function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.\n\n * [CVE-2014-4670](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670>)\n\nUse-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.\n\n * [CVE-2014-4698](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4698>)\n\nUse-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.\n\n * [CVE-2014-5120](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120>)\n\ngd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.\n", "modified": "2015-09-17T00:00:00", "published": "2014-10-30T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15761.html", "id": "SOL15761", "title": "SOL15761 - Multiple PHP 5.x vulnerabilities", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:55", "bulletinFamily": "unix", "description": "PHP is an 
HTML-embedded scripting language commonly used with the Apache\nHTTP Server. PHP's fileinfo module provides functions used to identify a\nparticular file according to the type of data contained by the file.\n\nIt was found that the fix for CVE-2012-1571 was incomplete; the File\nInformation (fileinfo) extension did not correctly parse certain Composite\nDocument Format (CDF) files. A remote attacker could use this flaw to crash\na PHP application using fileinfo via a specially crafted CDF file.\n(CVE-2014-3587)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP's gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nMultiple buffer over-read flaws were found in the php_parserr() function of\nPHP. A malicious DNS server or a man-in-the-middle attacker could possibly\nuse this flaw to execute arbitrary code as the PHP interpreter if a PHP\napplication used the dns_get_record() function to perform a DNS query.\n(CVE-2014-3597)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. (CVE-2014-4670, CVE-2014-4698)\n\nThe CVE-2014-3597 issue was discovered by David Kutalek of the Red Hat\nBaseOS QE.\n\nAll php53 and php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-06-09T14:16:49", "published": "2014-09-30T04:00:00", "id": "RHSA-2014:1326", "href": "https://access.redhat.com/errata/RHSA-2014:1326", "type": "redhat", "title": "(RHSA-2014:1326) Moderate: php53 and php security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:41:18", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. PHP's fileinfo module provides functions used to identify a\nparticular file according to the type of data contained by the file.\n\nA buffer overflow flaw was found in the way the File Information (fileinfo)\nextension processed certain Pascal strings. A remote attacker able to make\na PHP application using fileinfo convert a specially crafted Pascal string\nprovided by an image file could cause that application to crash.\n(CVE-2014-3478)\n\nMultiple flaws were found in the File Information (fileinfo) extension\nregular expression rules for detecting various files. A remote attacker\ncould use either of these flaws to cause a PHP application using fileinfo\nto consume an excessive amount of CPU. (CVE-2014-3538)\n\nIt was found that the fix for CVE-2012-1571 was incomplete; the File\nInformation (fileinfo) extension did not correctly parse certain Composite\nDocument Format (CDF) files. A remote attacker could use this flaw to crash\na PHP application using fileinfo via a specially crafted CDF file.\n(CVE-2014-3587)\n\nIt was found that PHP's gd extension did not properly handle file names\nwith a null character. A remote attacker could possibly use this flaw to\nmake a PHP application access unexpected files and bypass intended file\nsystem access restrictions. 
(CVE-2014-5120)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP's gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nMultiple buffer over-read flaws were found in the php_parserr() function of\nPHP. A malicious DNS server or a man-in-the-middle attacker could possibly\nuse this flaw to execute arbitrary code as the PHP interpreter if a PHP\napplication used the dns_get_record() function to perform a DNS query.\n(CVE-2014-3597)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. (CVE-2014-4670, CVE-2014-4698)\n\nThe CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat\nProduct Security, the CVE-2014-3538 issue was discovered by Jan Kalu\u017ea of\nthe Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by\nDavid Kut\u00e1lek of the Red Hat BaseOS QE.\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-04-12T03:32:47", "published": "2014-09-30T04:00:00", "id": "RHSA-2014:1327", "href": "https://access.redhat.com/errata/RHSA-2014:1327", "type": "redhat", "title": "(RHSA-2014:1327) Moderate: php security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T21:40:57", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the Exif extension. 
A specially crafted\nJPEG or TIFF file could cause a PHP application using the exif_thumbnail()\nfunction to crash or, possibly, execute arbitrary code. (CVE-2014-3670)\n\nMultiple buffer overflow flaws were found in the way PHP parsed DNS\nresponses. A malicious DNS server or a man-in-the-middle attacker could\nuse these flaws to crash or, possibly, execute arbitrary code with the\nprivileges of a PHP application that uses the dns_get_record() function.\n(CVE-2014-4049, CVE-2014-3597)\n\nMultiple denial of service flaws were found in the File Information\n(fileinfo) extension. A remote attacker could use these flaws to cause a\nPHP application using fileinfo to consume an excessive amount of CPU and\npossibly crash. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3538)\n\nMultiple boundary check flaws were found in the File Information (fileinfo)\nextension. A remote attacker could use these flaws to cause a PHP\napplication using fileinfo to crash. (CVE-2014-0207, CVE-2014-3478,\nCVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587, CVE-2014-3710)\n\nA type confusion issue was found in PHP's phpinfo() function. A malicious\nscript author could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2014-4721)\n\nA type confusion issue was found in the SPL ArrayObject and\nSPLObjectStorage classes' unserialize() method. A remote attacker able to\nsubmit specially crafted input to a PHP application, which would then\nunserialize this input using one of the aforementioned methods, could use\nthis flaw to execute arbitrary code with the privileges of the user running\nthat PHP application. (CVE-2014-3515)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. 
(CVE-2014-4670, CVE-2014-4698)\n\nAn integer overflow flaw was found in the way custom objects were\nunserialized. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash. (CVE-2014-3669)\n\nIt was found that PHP's gd extension did not properly handle file names\nwith a null character. A remote attacker could possibly use this flaw to\nmake a PHP application access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2014-5120)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP's gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nAn out of bounds read flaw was found in the way the xmlrpc extension parsed\ndates in the ISO 8601 format. A specially crafted XML-RPC request or\nresponse could possibly cause a PHP application to crash. (CVE-2014-3668)\n\nThe CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478,\nCVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were\ndiscovered by Francisco Alonso of Red Hat Product Security; the\nCVE-2014-3538 issue was discovered by Jan Kalu\u017ea of the Red Hat Web Stack\nTeam; the CVE-2014-3597 issue was discovered by David Kut\u00e1lek of Red Hat\nBaseOS QE.\n\nAll php55-php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-13T01:28:25", "published": "2014-10-30T04:00:00", "id": "RHSA-2014:1766", "href": "https://access.redhat.com/errata/RHSA-2014:1766", "type": "redhat", "title": "(RHSA-2014:1766) Important: php55-php security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:45", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA buffer overflow flaw was found in the Exif extension. A specially crafted\nJPEG or TIFF file could cause a PHP application using the exif_thumbnail()\nfunction to crash or, possibly, execute arbitrary code. (CVE-2014-3670)\n\nMultiple buffer overflow flaws were found in the way PHP parsed DNS\nresponses. A malicious DNS server or a man-in-the-middle attacker could\nuse these flaws to crash or, possibly, execute arbitrary code with the\nprivileges of a PHP application that uses the dns_get_record() function.\n(CVE-2014-4049, CVE-2014-3597)\n\nMultiple denial of service flaws were found in the File Information\n(fileinfo) extension. A remote attacker could use these flaws to cause a\nPHP application using fileinfo to consume an excessive amount of CPU and\npossibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238,\nCVE-2014-1943, CVE-2014-3538)\n\nMultiple boundary check flaws were found in the File Information\n(fileinfo) extension. A remote attacker could use these flaws to cause a\nPHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270,\nCVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587,\nCVE-2014-3710)\n\nA type confusion issue was found in PHP's phpinfo() function. A malicious\nscript author could possibly use this flaw to disclose certain portions of\nserver memory. 
(CVE-2014-4721)\n\nA type confusion issue was found in the SPL ArrayObject and\nSPLObjectStorage classes' unserialize() method. A remote attacker able to\nsubmit specially crafted input to a PHP application, which would then\nunserialize this input using one of the aforementioned methods, could use\nthis flaw to execute arbitrary code with the privileges of the user running\nthat PHP application. (CVE-2014-3515)\n\nTwo use-after-free flaws were found in the way PHP handled certain Standard\nPHP Library (SPL) Iterators and ArrayIterators. A malicious script author\ncould possibly use either of these flaws to disclose certain portions of\nserver memory. (CVE-2014-4670, CVE-2014-4698)\n\nAn integer overflow flaw was found in the way custom objects were\nunserialized. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash. (CVE-2014-3669)\n\nIt was found that PHP's gd extension did not properly handle file names\nwith a null character. A remote attacker could possibly use this flaw to\nmake a PHP application access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2014-5120)\n\nA NULL pointer dereference flaw was found in the gdImageCreateFromXpm()\nfunction of PHP's gd extension. A remote attacker could use this flaw to\ncrash a PHP application using gd via a specially crafted X PixMap (XPM)\nfile. (CVE-2014-2497)\n\nA buffer over-read flaw was found in the way the DateInterval class parsed\ninterval specifications. An attacker able to make a PHP application parse a\nspecially crafted specification using DateInterval could possibly cause the\nPHP interpreter to crash. (CVE-2013-6712)\n\nAn out of bounds read flaw was found in the way the xmlrpc extension parsed\ndates in the ISO 8601 format. A specially crafted XML-RPC request or\nresponse could possibly cause a PHP application to crash. 
(CVE-2014-3668)\n\nThe CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478,\nCVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were\ndiscovered by Francisco Alonso of Red Hat Product Security; the\nCVE-2014-3538 issue was discovered by Jan Kalu\u017ea of the Red Hat Web Stack\nTeam; the CVE-2014-3597 issue was discovered by David Kut\u00e1lek of Red Hat\nBaseOS QE.\n\nAll php54-php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd service must be restarted for the update to\ntake effect.\n", "modified": "2018-06-13T01:28:16", "published": "2014-10-30T04:00:00", "id": "RHSA-2014:1765", "href": "https://access.redhat.com/errata/RHSA-2014:1765", "type": "redhat", "title": "(RHSA-2014:1765) Important: php54-php security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:11", "bulletinFamily": "unix", "description": "[5.3.3-27.2]\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm.\n CVE-2014-2497\n- fileinfo: fix incomplete fix for CVE-2012-1571 in\n cdf_read_property_info. CVE-2014-3587\n- core: fix incomplete fix for CVE-2014-4049 DNS TXT\n record parsing. 
CVE-2014-3597", "modified": "2014-09-30T00:00:00", "published": "2014-09-30T00:00:00", "id": "ELSA-2014-1326", "href": "http://linux.oracle.com/errata/ELSA-2014-1326.html", "title": "php53 and php security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:47:44", "bulletinFamily": "unix", "description": "[5.4.16-23.1]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). 
CVE-2014-3597", "modified": "2014-09-30T00:00:00", "published": "2014-09-30T00:00:00", "id": "ELSA-2014-1327", "href": "http://linux.oracle.com/errata/ELSA-2014-1327.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:47:20", "bulletinFamily": "unix", "description": "[5.4.16-36]\n- fix more functions accept paths with NUL character #1213407\n[5.4.16-35]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330\n[5.4.16-34]\n- fix memory corruption in fileinfo module on big endian\n machines #1082624\n- fix segfault in pdo_odbc on x86_64 #1159892\n- fix segfault in gmp allocator #1154760\n[5.4.16-33]\n- core: use after free vulnerability in unserialize()\n CVE-2014-8142 and CVE-2015-0231\n- core: fix use-after-free in unserialize CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- exif: free called on uninitialized pointer CVE-2015-0232\n- fileinfo: fix out 
of bounds read in mconvert CVE-2014-9652\n- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize\n[5.4.16-31]\n- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710\n[5.4.16-29]\n- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668\n- core: fix integer overflow in unserialize() CVE-2014-3669\n- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670\n[5.4.16-27]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). 
CVE-2014-3597\n[5.4.16-25]\n- fix segfault after startup on aarch64 (#1107567)\n- compile php with -O3 on ppc64le (#1123499)", "modified": "2015-06-23T00:00:00", "published": "2015-06-23T00:00:00", "id": "ELSA-2015-1135", "href": "http://linux.oracle.com/errata/ELSA-2015-1135.html", "title": "php security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:56", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.32-i486-1_slack14.1.txz: Upgraded.\n This update fixes bugs and security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.29-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.29-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.29-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.29-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.29-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.29-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.32-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.32-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.32-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.32-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.32-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.32-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.32-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2014-09-04T15:00:56", "published": "2014-09-04T15:00:56", "id": "SSA-2014-247-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.523796", "title": "php", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}