{"cve": [{"lastseen": "2017-04-18T15:56:48", "bulletinFamily": "NVD", "description": "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\"", "modified": "2016-12-30T21:59:29", "published": "2015-06-09T14:59:03", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3330", "id": "CVE-2015-3330", "title": "CVE-2015-3330", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:40", "bulletinFamily": "NVD", "description": "Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.", "modified": "2018-01-04T21:30:06", "published": "2015-06-09T14:59:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3329", "id": "CVE-2015-3329", "title": "CVE-2015-3329", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-05T11:51:38", "bulletinFamily": "NVD", "description": "ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.", "modified": "2018-01-04T21:30:03", "published": "2015-06-09T14:59:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2783", "id": "CVE-2015-2783", "title": "CVE-2015-2783", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T00:16:22", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-07-05T19:54:00", "published": "2016-07-05T19:43:00", "href": "https://support.f5.com/csp/article/K35239571", "id": "F5:K35239571", "title": "PHP vulnerability CVE-2015-3329", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:17", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-07-05T00:00:00", "published": "2016-07-05T00:00:00", "id": "SOL35239571", "href": "http://support.f5.com/kb/en-us/solutions/public/k/35/sol35239571.html", "type": "f5", "title": "SOL35239571 - PHP vulnerability CVE-2015-3329", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:57", "bulletinFamily": "software", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17200.html", "id": "SOL17200", "title": "SOL17200 - PHP vulnerability CVE-2015-2783", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-19T13:03:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310850658", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850658", "title": "SuSE Update for php5 openSUSE-SU-2015:0855-1 (php5)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0855_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for php5 openSUSE-SU-2015:0855-1 (php5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850658\");\n script_version(\"$Revision: 12381 $\");\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:39:01 +0200 (Tue, 09 Jun 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for php5 openSUSE-SU-2015:0855-1 (php5)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"PHP was updated to fix three security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3330: Specially crafted PHAR files could, when executed under\n Apache httpd 2.4 (apache2handler), allow arbitrary code execution\n (bnc#928506)\n\n * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer overflow (bnc#928506)\n\n * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer over-read (bnc#928511)\n\n On openSUSE 13.2, the following bug was fixed:\n\n * boo#927147: php5-fpm did not start correctly\");\n script_tag(name:\"affected\", value:\"php5 on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0855_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.4.20~52.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:02:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-04-21T00:00:00", "id": "OPENVAS:1361412562310842171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842171", "title": "Ubuntu Update for php5 USN-2572-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for php5 USN-2572-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842171\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-21 07:19:00 +0200 (Tue, 21 Apr 2015)\");\n script_cve_id(\"CVE-2015-3330\", \"CVE-2015-3329\", \"CVE-2015-2305\", \"CVE-2015-2348\",\n \"CVE-2015-2783\", \"CVE-2015-2787\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php5 USN-2572-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that PHP incorrectly\nhandled cleanup when used with Apache 2.4. A remote attacker could use this\nissue to cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or phar\narchives through the PHAR extension. A remote attacker could use this issue\nto cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A\nremote attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files when a\npathname contained a null character. A remote attacker could use this issue\nto possibly bypass filename restrictions. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. A\nremote attacker could use this issue to cause PHP to possibly expose\nsensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing certain\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-2787)\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2572-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2572-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.12+dfsg-2ubuntu4.4\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1ubuntu3.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.2-1ubuntu4.30\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.2-1ubuntu4.30\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.2-1ubuntu4.30\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:30:25", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120364", "title": "Amazon Linux Local Check: alas-2015-509", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-509.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120364\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:24:39 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-509\");\n script_tag(name:\"insight\", value:\"A buffer overflow vulnerability was found in PHP's phar (PHP Archive) implementation. See https://bugs.php.net/bug.php?id=69324 for more details. (CVE-2015-2783 )A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-2301 )A buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif() function to crash. (CVE-2014-9709 )A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352 )A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-3329 )\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-509.html\");\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-2301\", \"CVE-2015-1352\", \"CVE-2014-9709\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.40~1.68.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:48", "bulletinFamily": "scanner", "description": "Check the version of php", "modified": "2017-07-10T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869637", "title": "Fedora Update for php FEDORA-2015-6195", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-6195\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869637\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:30:42 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-1351\", \"CVE-2015-1352\", \"CVE-2015-2783\", \"CVE-2015-3329\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-6195\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language.\nPHP attempts to make it easy for developers to write dynamically generated web\npages. PHP also offers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a database-enabled webpage\nwith PHP is fairly simple. The most common use of PHP coding is probably as a\nreplacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php) which adds\nsupport for the PHP language to Apache HTTP Server.\n\");\n script_tag(name: \"affected\", value: \"php on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-6195\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155837.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.8~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-09T12:16:27", "bulletinFamily": "scanner", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2019-01-09T00:00:00", "published": "2015-06-17T00:00:00", "id": "OPENVAS:1361412562310805659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805659", "title": "PHP Multiple Vulnerabilities - 04 - Jun15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln04_june15_win.nasl 2015-06-17 16:00:15 Jun$\n#\n# PHP Multiple Vulnerabilities - 04 - Jun15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805659\");\n script_version(\"$Revision: 12986 $\");\n script_cve_id(\"CVE-2015-3330\");\n script_bugtraq_id(74204);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-09 08:58:52 +0100 (Wed, 09 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-17 16:00:15 +0530 (Wed, 17 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 04 - Jun15 (Windows)\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"apache/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to vulnerability in\n 'php_handler' function in sapi/apache2handler/sapi_apache2.c script in PHP.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service or possibly execute arbitrary\n code via pipelined HTTP requests.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.40, 5.5.x before\n 5.5.24, and 5.6.x before 5.6.8\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.40 or 5.5.24 or 5.6.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE))\n exit(0);\n\nif(!apVer = get_app_version(cpe:CPE, port:port))\n exit(0);\n\nif(apVer =~ \"^2\\.4\\.\") {\n\n CPE = \"cpe:/a:php:php\";\n\n if(!phpVer = get_app_version(cpe:CPE, port:port))\n exit(0);\n\n if(phpVer =~ \"^5\\.5\\.\") {\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.23\")) {\n fix = \"5.5.24\";\n VULN = TRUE;\n }\n }\n\n if(phpVer =~ \"^5\\.6\\.\") {\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.7\")) {\n fix = \"5.6.8\";\n VULN = TRUE;\n }\n }\n\n if(phpVer =~ \"^5\\.4\\.\") {\n if(version_is_less(version:phpVer, test_version:\"5.4.40\")) {\n fix = \"5.4.40\";\n VULN = TRUE;\n }\n }\n\n if(VULN) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-09T12:18:20", "bulletinFamily": "scanner", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "modified": "2019-01-09T00:00:00", "published": "2015-06-17T00:00:00", "id": "OPENVAS:1361412562310805658", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805658", "title": "PHP Multiple Vulnerabilities - 04 - Jun15 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_mult_vuln04_june15_lin.nasl 2015-06-17 16:00:15 Jun$\n#\n# PHP Multiple Vulnerabilities - 04 - Jun15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805658\");\n script_version(\"$Revision: 12986 $\");\n script_cve_id(\"CVE-2015-3330\");\n script_bugtraq_id(74204);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-01-09 08:58:52 +0100 (Wed, 09 Jan 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-17 16:00:15 +0530 (Wed, 17 Jun 2015)\");\n script_name(\"PHP Multiple Vulnerabilities - 04 - Jun15 (Linux)\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"apache/installed\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"http://php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=69085\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/06/01/4\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to vulnerability in\n 'php_handler' function in sapi/apache2handler/sapi_apache2.c script in PHP.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to cause a denial of service or possibly execute arbitrary\n code via pipelined HTTP requests.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.40, 5.5.x before\n 5.5.24, and 5.6.x before 5.6.8\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP 5.4.40 or 5.5.24 or 5.6.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE))\n exit(0);\n\nif(!apVer = get_app_version(cpe:CPE, port:port))\n exit(0);\n\nif(apVer =~ \"^2\\.4\\.\") {\n\n CPE = \"cpe:/a:php:php\";\n\n if(!phpVer = get_app_version(cpe:CPE, port:port))\n exit(0);\n\n if(phpVer =~ \"^5\\.5\\.\") {\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.23\")) {\n fix = \"5.5.24\";\n VULN = TRUE;\n }\n }\n\n if(phpVer =~ \"^5\\.6\\.\") {\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.7\")) {\n fix = \"5.6.8\";\n VULN = TRUE;\n }\n }\n\n if(phpVer =~ \"^5\\.4\\.\") {\n if(version_is_less(version:phpVer, test_version:\"5.4.40\")) {\n fix = \"5.4.40\";\n VULN = TRUE;\n }\n }\n\n if(VULN) {\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:28", "bulletinFamily": "scanner", "description": "Check the version of php", "modified": "2017-07-10T00:00:00", "published": "2015-04-28T00:00:00", "id": "OPENVAS:1361412562310869302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869302", "title": "Fedora Update for php FEDORA-2015-6399", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-6399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869302\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-28 05:16:12 +0200 (Tue, 28 Apr 2015)\");\n script_cve_id(\"CVE-2015-1351\", \"CVE-2015-1352\", \"CVE-2014-0185\", \"CVE-2013-6420\",\n \"CVE-2015-3329\", \"CVE-2015-2783\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-6399\");\n script_tag(name: \"summary\", value: \"Check the version of php\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"PHP is an HTML-embedded scripting language.\nPHP attempts to make it easy for developers to write dynamically generated web\npages. PHP also offers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a database-enabled webpage\nwith PHP is fairly simple. The most common use of PHP coding is probably as a\nreplacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php) which adds\nsupport for the PHP language to Apache HTTP Server.\n\");\n script_tag(name: \"affected\", value: \"php on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-6399\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156128.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.24~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:52:19", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn", "modified": "2017-07-07T00:00:00", "published": "2015-06-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703280", "id": "OPENVAS:703280", "title": "Debian Security Advisory DSA 3280-1 (php5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3280.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3280-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703280);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\",\n \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_name(\"Debian Security Advisory DSA 3280-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-07 00:00:00 +0200 (Sun, 07 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3280.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that, when installed, guarantees that you\nhave at least one of the four server-side versions of the PHP5 interpreter\ninstalled. Removing this package won't remove PHP5 from your system, however\nit may remove other packages that depend on this one.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn't check for NULL bytes in path names.\n\nCVE-2015-4024 \nDenial of service when processing multipart/form-data requests.\n\nCVE-2015-4022 \nInteger overflow in the ftp_genlist() function may result in\ndenial of service or potentially the execution of arbitrary code.\n\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783 \nMultiple vulnerabilities in the phar extension may result in\ndenial of service or potentially the execution of arbitrary code\nwhen processing malformed archives.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n# On the final stretch release this package has version 1.10.1+submodules+notgz-9 which causes a false positive\n#if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n# report += res;\n#}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:36", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn", "modified": "2018-04-06T00:00:00", "published": "2015-06-07T00:00:00", "id": "OPENVAS:1361412562310703280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703280", "title": "Debian Security Advisory DSA 3280-1 (php5 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3280.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3280-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703280\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\",\n \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_name(\"Debian Security Advisory DSA 3280-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-07 00:00:00 +0200 (Sun, 07 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3280.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that, when installed, guarantees that you\nhave at least one of the four server-side versions of the PHP5 interpreter\ninstalled. Removing this package won't remove PHP5 from your system, however\nit may remove other packages that depend on this one.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 /\nCVE-2015-4026 \nMultiple function didn't check for NULL bytes in path names.\n\nCVE-2015-4024 \nDenial of service when processing multipart/form-data requests.\n\nCVE-2015-4022 \nInteger overflow in the ftp_genlist() function may result in\ndenial of service or potentially the execution of arbitrary code.\n\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783 \nMultiple vulnerabilities in the phar extension may result in\ndenial of service or potentially the execution of arbitrary code\nwhen processing malformed archives.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.41-0+deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n# On the final stretch release this package has version 1.10.1+submodules+notgz-9 which causes a false positive\n#if ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n# report += res;\n#}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.9+dfsg-0+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:30:41", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120535", "title": "Amazon Linux Local Check: alas-2015-510", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-510.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120535\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:28:54 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-510\");\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. (CVE-2015-1351 )A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. (CVE-2015-1352 )A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-3329 )\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-510.html\");\n script_cve_id(\"CVE-2015-3329\", \"CVE-2015-1351\", \"CVE-2015-1352\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-imap\", rpm:\"php55-imap~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.24~1.100.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:21:27", "bulletinFamily": "scanner", "description": "PHP was updated to fix three security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3330: Specially crafted PHAR files could, when\n executed under Apache httpd 2.4 (apache2handler), allow\n arbitrary code execution (bnc#928506)\n\n - CVE-2015-3329: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n overflow (bnc#928506)\n\n - CVE-2015-2783: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n over-read (bnc#928511)\n\nOn openSUSE 13.2, the following bug was fixed :\n\n - boo#927147: php5-fpm did not start correctly", "modified": "2015-10-05T00:00:00", "published": "2015-05-13T00:00:00", "id": "OPENSUSE-2015-352.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83391", "title": "openSUSE Security Update : php5 (openSUSE-2015-352)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-352.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83391);\n script_version(\"$Revision: 2.7 $\");\n script_cvs_date(\"$Date: 2015/10/05 13:44:22 $\");\n\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2015-352)\");\n script_summary(english:\"Check for the openSUSE-2015-352 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to fix three security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3330: Specially crafted PHAR files could, when\n executed under Apache httpd 2.4 (apache2handler), allow\n arbitrary code execution (bnc#928506)\n\n - CVE-2015-3329: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n overflow (bnc#928506)\n\n - CVE-2015-2783: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n over-read (bnc#928511)\n\nOn openSUSE 13.2, the following bug was fixed :\n\n - boo#927147: php5-fpm did not start correctly\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=928408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=928506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=928511\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:24", "bulletinFamily": "scanner", "description": "Updated php packages fix security vulnerabilities :\n\nBuffer Over-read in unserialize when parsing Phar (CVE-2015-2783).\n\nBuffer Overflow when parsing tar/zip/phar in phar_set_inode\n(CVE-2015-3329).\n\nPotential remote code execution with apache 2.4 apache2handler\n(CVE-2015-3330).\n\nPHP has been updated to version 5.5.24, which fixes these issues and\nother bugs.\n\nAdditionally the timezonedb packages has been upgraded to the latest\nversion and the PECL packages which requires so has been rebuilt for\nphp-5.5.24.", "modified": "2018-07-19T00:00:00", "published": "2015-04-28T00:00:00", "id": "MANDRIVA_MDVSA-2015-209.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83101", "title": "Mandriva Linux Security Advisory : php (MDVSA-2015:209)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:209. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83101);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n script_xref(name:\"MDVSA\", value:\"2015:209\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2015:209)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php packages fix security vulnerabilities :\n\nBuffer Over-read in unserialize when parsing Phar (CVE-2015-2783).\n\nBuffer Overflow when parsing tar/zip/phar in phar_set_inode\n(CVE-2015-3329).\n\nPotential remote code execution with apache 2.4 apache2handler\n(CVE-2015-3330).\n\nPHP has been updated to version 5.5.24, which fixes these issues and\nother bugs.\n\nAdditionally the timezonedb packages has been upgraded to the latest\nversion and the PECL packages which requires so has been rebuilt for\nphp-5.5.24.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0169.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_php-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apc-3.1.15-1.18.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apc-admin-3.1.15-1.18.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bcmath-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bz2-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-calendar-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cgi-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cli-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ctype-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-curl-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dba-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-devel-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-doc-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dom-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-enchant-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-exif-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fileinfo-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-filter-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fpm-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ftp-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gd-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gettext-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gmp-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-hash-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-iconv-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-imap-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ini-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-intl-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-json-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ldap-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mbstring-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mcrypt-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mssql-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysql-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysqli-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-odbc-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-opcache-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-openssl-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pcntl-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_dblib-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_mysql-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_odbc-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_pgsql-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_sqlite-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pgsql-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-phar-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-posix-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-readline-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-recode-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-session-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-shmop-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-snmp-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-soap-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sockets-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sqlite3-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sybase_ct-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvmsg-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvsem-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvshm-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tidy-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-timezonedb-2015.4-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tokenizer-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-wddx-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xml-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlreader-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlwriter-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xsl-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-zip-5.5.24-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-zlib-5.5.24-1.mbs1\")) flag++;\n\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_php-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-bcmath-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-bz2-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-calendar-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-cgi-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-cli-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ctype-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-curl-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-dba-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-devel-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"php-doc-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-dom-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-enchant-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-exif-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-fileinfo-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-filter-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-fpm-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ftp-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-gd-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-gettext-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-gmp-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-hash-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-iconv-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-imap-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ini-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-interbase-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-intl-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-json-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ldap-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mbstring-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mcrypt-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mssql-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mysql-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mysqli-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-odbc-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-opcache-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-openssl-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pcntl-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_dblib-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_firebird-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_mysql-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_odbc-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_pgsql-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_sqlite-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pgsql-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-phar-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-posix-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-readline-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-recode-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-session-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-shmop-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-snmp-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-soap-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sockets-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sqlite3-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sybase_ct-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sysvmsg-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sysvsem-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sysvshm-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-tidy-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-timezonedb-2015.4-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-tokenizer-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-wddx-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xml-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xmlreader-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xmlwriter-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xsl-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-zip-5.5.24-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-zlib-5.5.24-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:21", "bulletinFamily": "scanner", "description": "It was discovered that PHP incorrectly handled cleanup when used with\nApache 2.4. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or\nphar archives through the PHAR extension. A remote attacker could use\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A\nremote attacker could use this issue to cause PHP to crash, resulting\nin a denial of service, or possibly execute arbitrary code.\n(CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files\nwhen a pathname contained a null character. A remote attacker could\nuse this issue to possibly bypass filename restrictions. This issue\nonly applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR\nfiles. A remote attacker could use this issue to cause PHP to possibly\nexpose sensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing\ncertain objects. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-2787).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2015-04-21T00:00:00", "id": "UBUNTU_USN-2572-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82911", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2572-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2572-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82911);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-2305\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n script_bugtraq_id(72611, 73431, 73434, 74204);\n script_xref(name:\"USN\", value:\"2572-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2572-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PHP incorrectly handled cleanup when used with\nApache 2.4. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or\nphar archives through the PHAR extension. A remote attacker could use\nthis issue to cause PHP to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A\nremote attacker could use this issue to cause PHP to crash, resulting\nin a denial of service, or possibly execute arbitrary code.\n(CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files\nwhen a pathname contained a null character. A remote attacker could\nuse this issue to possibly bypass filename restrictions. This issue\nonly applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR\nfiles. A remote attacker could use this issue to cause PHP to possibly\nexpose sensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing\ncertain objects. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-2787).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2572-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.2-1ubuntu4.30\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.2-1ubuntu4.30\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"php5-cli\", pkgver:\"5.3.2-1ubuntu4.30\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-fpm\", pkgver:\"5.3.10-1ubuntu3.18\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cgi\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-cli\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"php5-fpm\", pkgver:\"5.5.12+dfsg-2ubuntu4.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:39:59", "bulletinFamily": "scanner", "description": "PHP was updated to fix ten security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2014-9709: A specially crafted GIF file could cause\n a buffer read overflow in php-gd (bnc#923946)\n\n - CVE-2015-2301: Memory was use after it was freed in PHAR\n (bnc#922022)\n\n - CVE-2015-2305: heap overflow vulnerability in regcomp.c\n (bnc#922452)\n\n - CVE-2014-9705: heap buffer overflow in Enchant\n (bnc#922451)\n\n - CVE-2015-2787: use-after-free vulnerability in the\n process_nested_data function (bnc#924972)\n\n - unserialize SoapClient type confusion (bnc#925109)\n\n - CVE-2015-2348: move_uploaded_file truncates a pathNAME\n upon encountering a x00 character (bnc#924970)\n\n - CVE-2015-3330: Specially crafted PHAR files could, when\n executed under Apache httpd 2.4 (apache2handler), allow\n arbitrary code execution (bnc#928506)\n\n - CVE-2015-3329: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n overflow (bnc#928506)\n\n - CVE-2015-2783: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n over-read (bnc#928511)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-01-02T00:00:00", "published": "2019-01-02T00:00:00", "id": "SUSE_SU-2015-0868-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119964", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0868-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0868-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119964);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/01/02 10:36:38\");\n\n script_cve_id(\"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-2301\", \"CVE-2015-2305\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n script_bugtraq_id(72611, 73031, 73037, 73306, 73431, 73434, 74204, 74239, 74240);\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0868-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP was updated to fix ten security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2014-9709: A specially crafted GIF file could cause\n a buffer read overflow in php-gd (bnc#923946)\n\n - CVE-2015-2301: Memory was use after it was freed in PHAR\n (bnc#922022)\n\n - CVE-2015-2305: heap overflow vulnerability in regcomp.c\n (bnc#922452)\n\n - CVE-2014-9705: heap buffer overflow in Enchant\n (bnc#922451)\n\n - CVE-2015-2787: use-after-free vulnerability in the\n process_nested_data function (bnc#924972)\n\n - unserialize SoapClient type confusion (bnc#925109)\n\n - CVE-2015-2348: move_uploaded_file truncates a pathNAME\n upon encountering a x00 character (bnc#924970)\n\n - CVE-2015-3330: Specially crafted PHAR files could, when\n executed under Apache httpd 2.4 (apache2handler), allow\n arbitrary code execution (bnc#928506)\n\n - CVE-2015-3329: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n overflow (bnc#928506)\n\n - CVE-2015-2783: Specially crafted PHAR data could lead to\n disclosure of sensitive information due to a buffer\n over-read (bnc#928511)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9705/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9709/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2301/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2305/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2783/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2787/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3329/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3330/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?632b005e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-192=1\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-192=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:25", "bulletinFamily": "scanner", "description": "CVE-2014-9705 Heap-based buffer overflow in the\nenchant_broker_request_dict function in ext/enchant/enchant.c in PHP\nbefore 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows\nremote attackers to execute arbitrary code via vectors that trigger\ncreation of multiple dictionaries.\n\nCVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in\nPHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (uninitialized pointer free and application crash) via crafted\nEXIF data in a JPEG image.\n\nCVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive\nfunction in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors that trigger an attempted\nrenaming of a Phar archive to the name of an existing file.\n\nCVE-2015-2331 Integer overflow in the _zip_cdir_new function in\nzip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP\nextension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before\n5.6.7 and other products, allows remote attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via a\nZIP archive that contains many entries, leading to a heap-based buffer\noverflow.\n\nCVE-2015-2783 Buffer Over-read in unserialize when parsing Phar\n\nCVE-2015-2787 Use-after-free vulnerability in the process_nested_data\nfunction in ext/standard/var_unserializer.re in PHP before 5.4.39,\n5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to\nexecute arbitrary code via a crafted unserialize call that leverages\nuse of the unset function within an __wakeup function, a related issue\nto CVE-2015-0231.\n\nCVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in\nphar_set_inode)\n\nCVE-2015-3330 PHP potential remote code execution with apache 2.4\napache2handler\n\nCVE-2015-temp-68819 denial of service when processing a crafted file\nwith Fileinfo\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2018-07-06T00:00:00", "published": "2015-04-30T00:00:00", "id": "DEBIAN_DLA-212.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83144", "title": "Debian DLA-212-1 : php5 security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-212-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83144);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-9705\", \"CVE-2015-0232\", \"CVE-2015-2301\", \"CVE-2015-2331\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-3330\");\n script_bugtraq_id(72541, 73031, 73037, 73182, 73431, 74204, 74239, 74240);\n\n script_name(english:\"Debian DLA-212-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-9705 Heap-based buffer overflow in the\nenchant_broker_request_dict function in ext/enchant/enchant.c in PHP\nbefore 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows\nremote attackers to execute arbitrary code via vectors that trigger\ncreation of multiple dictionaries.\n\nCVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in\nPHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (uninitialized pointer free and application crash) via crafted\nEXIF data in a JPEG image.\n\nCVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive\nfunction in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors that trigger an attempted\nrenaming of a Phar archive to the name of an existing file.\n\nCVE-2015-2331 Integer overflow in the _zip_cdir_new function in\nzip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP\nextension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before\n5.6.7 and other products, allows remote attackers to cause a denial of\nservice (application crash) or possibly execute arbitrary code via a\nZIP archive that contains many entries, leading to a heap-based buffer\noverflow.\n\nCVE-2015-2783 Buffer Over-read in unserialize when parsing Phar\n\nCVE-2015-2787 Use-after-free vulnerability in the process_nested_data\nfunction in ext/standard/var_unserializer.re in PHP before 5.4.39,\n5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to\nexecute arbitrary code via a crafted unserialize call that leverages\nuse of the unset function within an __wakeup function, a related issue\nto CVE-2015-0231.\n\nCVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in\nphar_set_inode)\n\nCVE-2015-3330 PHP potential remote code execution with apache 2.4\napache2handler\n\nCVE-2015-temp-68819 denial of service when processing a crafted file\nwith Fileinfo\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gmp\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3.1-7+squeeze26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:24", "bulletinFamily": "scanner", "description": "16 Apr 2015, **PHP 5.5.24**\n\nApache2handler :\n\n - Fixed bug #69218 (potential remote code execution with\n apache 2.4 apache2handler). (Gerrit Venema)\n\nCore :\n\n - Fixed bug #66609 (php crashes with __get() and ++\n operator in some cases). (Dmitry, Laruence)\n\n - Fixed bug #67626 (User exceptions not properly handled\n in streams). (Julian)\n\n - Fixed bug #68021 (get_browser() browser_name_regex\n returns non-utf-8 characters). (Tjerk)\n\n - Fixed bug #68917 (parse_url fails on some partial\n urls). (Wei Dai)\n\n - Fixed bug #69134 (Per Directory Values overrides\n PHP_INI_SYSTEM configuration options). (Anatol Belski)\n\n - Additional fix for bug #69152 (Type confusion\n vulnerability in exception::getTraceAsString). (Stas)\n\n - Fixed bug #69212 (Leaking VIA_HANDLER func when\n exception thrown in __call/... arg passing). (Nikita)\n\n - Fixed bug #69221 (Segmentation fault when using a\n generator in combination with an Iterator). (Nikita)\n\n - Fixed bug #69337 (php_stream_url_wrap_http_ex()\n type-confusion vulnerability). (Stas)\n\n - Fixed bug #69353 (Missing null byte checks for paths\n in various PHP extensions). (Stas)\n\nCurl :\n\n - Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)\n\n - Fixed bug #69316 (Use-after-free in php_curl related\n to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)\n\nDate :\n\n - Export date_get_immutable_ce so that it can be used by\n extensions. (Derick Rethans)\n\n - Fixed bug #69336 (Issues with 'last day of\n <monthname>'). (Derick Rethans)\n\nEnchant :\n\n - Fixed bug #65406 (Enchant broker plugins are in the\n wrong place in windows builds). (Anatol)\n\nFileinfo :\n\n - Fixed bug #68819 (Fileinfo on specific file causes\n spurious OOM and/or segfault). (Anatol Belski)\n\nFilter :\n\n - Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored\n unless other flags are used). (Jeff Welch)\n\n - Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip\n ASCII 127). (Jeff Welch)\n\nMbstring :\n\n - Fixed bug #68846 (False detection of CJK Unified\n Ideographs Extension E). (Masaki Kagaya)\n\nOPCache\n\n - Fixed bug #68677 (Use After Free). (CVE-2015-1351)\n (Laruence)\n\n - Fixed bug #69281 (opcache_is_script_cached no longer\n works). (danack)\n\nOpenSSL :\n\n - Fixed bug #67403 (Add signatureType to\n openssl_x509_parse).\n\n - Add a check for RAND_egd to allow compiling against\n LibreSSL (Leigh)\n\nPhar :\n\n - Fixed bug #64343 (PharData::extractTo fails for tarball\n created by BSD tar). (Mike)\n\n - Fixed bug #64931 (phar_add_file is too restrictive on\n filename). (Mike)\n\n - Fixed bug #65467 (Call to undefined method\n cli_arg_typ_string). (Mike)\n\n - Fixed bug #67761 (Phar::mapPhar fails for Phars inside\n a path containing '.tar'). (Mike)\n\n - Fixed bug #69324 (Buffer Over-read in unserialize when\n parsing Phar). (Stas)\n\n - Fixed bug #69441 (Buffer Overflow when parsing\n tar/zip/phar in phar_set_inode). (Stas)\n\nPostgres :\n\n - Fixed bug #68741 (NULL pointer dereference).\n (CVE-2015-1352) (Laruence)\n\nSPL :\n\n - Fixed bug #69227 (Use after free in zval_scan caused by\n spl_object_storage_get_gc). (adam dot scarr at 99designs\n dot com)\n\nSOAP :\n\n - Fixed bug #69293 (NEW segfault when using\n SoapClient::__setSoapHeader (bisected, regression)).\n (thomas at shadowweb dot org, Laruence)\n\nSQLITE :\n\n - Fixed bug #68760 (SQLITE segfaults if custom collator\n throws an exception). (Dan Ackroyd)\n\n - Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3).\n (Anatol)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2015-04-28T00:00:00", "id": "FEDORA_2015-6399.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83093", "title": "Fedora 20 : php-5.5.24-1.fc20 (2015-6399)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6399.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83093);\n script_version(\"$Revision: 2.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:52 $\");\n\n script_cve_id(\"CVE-2015-1351\", \"CVE-2015-1352\", \"CVE-2015-2783\", \"CVE-2015-3329\");\n script_xref(name:\"FEDORA\", value:\"2015-6399\");\n\n script_name(english:\"Fedora 20 : php-5.5.24-1.fc20 (2015-6399)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"16 Apr 2015, **PHP 5.5.24**\n\nApache2handler :\n\n - Fixed bug #69218 (potential remote code execution with\n apache 2.4 apache2handler). (Gerrit Venema)\n\nCore :\n\n - Fixed bug #66609 (php crashes with __get() and ++\n operator in some cases). (Dmitry, Laruence)\n\n - Fixed bug #67626 (User exceptions not properly handled\n in streams). (Julian)\n\n - Fixed bug #68021 (get_browser() browser_name_regex\n returns non-utf-8 characters). (Tjerk)\n\n - Fixed bug #68917 (parse_url fails on some partial\n urls). (Wei Dai)\n\n - Fixed bug #69134 (Per Directory Values overrides\n PHP_INI_SYSTEM configuration options). (Anatol Belski)\n\n - Additional fix for bug #69152 (Type confusion\n vulnerability in exception::getTraceAsString). (Stas)\n\n - Fixed bug #69212 (Leaking VIA_HANDLER func when\n exception thrown in __call/... arg passing). (Nikita)\n\n - Fixed bug #69221 (Segmentation fault when using a\n generator in combination with an Iterator). (Nikita)\n\n - Fixed bug #69337 (php_stream_url_wrap_http_ex()\n type-confusion vulnerability). (Stas)\n\n - Fixed bug #69353 (Missing null byte checks for paths\n in various PHP extensions). (Stas)\n\nCurl :\n\n - Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)\n\n - Fixed bug #69316 (Use-after-free in php_curl related\n to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)\n\nDate :\n\n - Export date_get_immutable_ce so that it can be used by\n extensions. (Derick Rethans)\n\n - Fixed bug #69336 (Issues with 'last day of\n <monthname>'). (Derick Rethans)\n\nEnchant :\n\n - Fixed bug #65406 (Enchant broker plugins are in the\n wrong place in windows builds). (Anatol)\n\nFileinfo :\n\n - Fixed bug #68819 (Fileinfo on specific file causes\n spurious OOM and/or segfault). (Anatol Belski)\n\nFilter :\n\n - Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored\n unless other flags are used). (Jeff Welch)\n\n - Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip\n ASCII 127). (Jeff Welch)\n\nMbstring :\n\n - Fixed bug #68846 (False detection of CJK Unified\n Ideographs Extension E). (Masaki Kagaya)\n\nOPCache\n\n - Fixed bug #68677 (Use After Free). (CVE-2015-1351)\n (Laruence)\n\n - Fixed bug #69281 (opcache_is_script_cached no longer\n works). (danack)\n\nOpenSSL :\n\n - Fixed bug #67403 (Add signatureType to\n openssl_x509_parse).\n\n - Add a check for RAND_egd to allow compiling against\n LibreSSL (Leigh)\n\nPhar :\n\n - Fixed bug #64343 (PharData::extractTo fails for tarball\n created by BSD tar). (Mike)\n\n - Fixed bug #64931 (phar_add_file is too restrictive on\n filename). (Mike)\n\n - Fixed bug #65467 (Call to undefined method\n cli_arg_typ_string). (Mike)\n\n - Fixed bug #67761 (Phar::mapPhar fails for Phars inside\n a path containing '.tar'). (Mike)\n\n - Fixed bug #69324 (Buffer Over-read in unserialize when\n parsing Phar). (Stas)\n\n - Fixed bug #69441 (Buffer Overflow when parsing\n tar/zip/phar in phar_set_inode). (Stas)\n\nPostgres :\n\n - Fixed bug #68741 (NULL pointer dereference).\n (CVE-2015-1352) (Laruence)\n\nSPL :\n\n - Fixed bug #69227 (Use after free in zval_scan caused by\n spl_object_storage_get_gc). (adam dot scarr at 99designs\n dot com)\n\nSOAP :\n\n - Fixed bug #69293 (NEW segfault when using\n SoapClient::__setSoapHeader (bisected, regression)).\n (thomas at shadowweb dot org, Laruence)\n\nSQLITE :\n\n - Fixed bug #68760 (SQLITE segfaults if custom collator\n throws an exception). (Dan Ackroyd)\n\n - Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3).\n (Anatol)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1185900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1185904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213449\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156128.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65e8f9a1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"php-5.5.24-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:22", "bulletinFamily": "scanner", "description": "16 Apr 2015, **PHP 5.6.8**\n\nCore :\n\n - Fixed bug #66609 (php crashes with __get() and ++\n operator in some cases). (Dmitry, Laruence)\n\n - Fixed bug #68021 (get_browser() browser_name_regex\n returns non-utf-8 characters). (Tjerk)\n\n - Fixed bug #68917 (parse_url fails on some partial\n urls). (Wei Dai)\n\n - Fixed bug #69134 (Per Directory Values overrides\n PHP_INI_SYSTEM configuration options). (Anatol Belski)\n\n - Additional fix for bug #69152 (Type confusion\n vulnerability in exception::getTraceAsString). (Stas)\n\n - Fixed bug #69210 (serialize function return corrupted\n data when sleep has non-string values). (Juan Basso)\n\n - Fixed bug #69212 (Leaking VIA_HANDLER func when\n exception thrown in __call/... arg passing). (Nikita)\n\n - Fixed bug #69221 (Segmentation fault when using a\n generator in combination with an Iterator). (Nikita)\n\n - Fixed bug #69337 (php_stream_url_wrap_http_ex()\n type-confusion vulnerability). (Stas)\n\n - Fixed bug #69353 (Missing null byte checks for paths\n in various PHP extensions). (Stas)\n\nApache2handler :\n\n - Fixed bug #69218 (potential remote code execution with\n apache 2.4 apache2handler). (Gerrit Venema)\n\ncURL :\n\n - Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)\n\n - Fixed bug #68739 (Missing break / control flow).\n (Laruence)\n\n - Fixed bug #69316 (Use-after-free in php_curl related\n to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)\n\nDate :\n\n - Fixed bug #69336 (Issues with 'last day of\n <monthname>'). (Derick Rethans)\n\nEnchant :\n\n - Fixed bug #65406 (Enchant broker plugins are in the\n wrong place in windows builds). (Anatol)\n\nEreg :\n\n - Fixed bug #68740 (NULL pointer Dereference). (Laruence)\n\nFileinfo :\n\n - Fixed bug #68819 (Fileinfo on specific file causes\n spurious OOM and/or segfault). (Anatol Belski)\n\nFilter :\n\n - Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored\n unless other flags are used). (Jeff Welch)\n\n - Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip\n ASCII 127). (Jeff Welch)\n\nOPCache :\n\n - Fixed bug #69297 (function_exists strange behavior with\n OPCache on disabled function). (Laruence)\n\n - Fixed bug #69281 (opcache_is_script_cached no longer\n works). (danack)\n\n - Fixed bug #68677 (Use After Free). (CVE-2015-1351)\n (Laruence)\n\nOpenSSL\n\n - Fixed bugs #68853, #65137 (Buffered crypto stream data\n breaks IO polling in stream_select() contexts) (Chris\n Wright)\n\n - Fixed bug #69197 (openssl_pkcs7_sign handles default\n value incorrectly) (Daniel Lowrey)\n\n - Fixed bug #69215 (Crypto servers should send client CA\n list) (Daniel Lowrey)\n\n - Add a check for RAND_egd to allow compiling against\n LibreSSL (Leigh)\n\nPhar :\n\n - Fixed bug #64343 (PharData::extractTo fails for tarball\n created by BSD tar). (Mike)\n\n - Fixed bug #64931 (phar_add_file is too restrictive on\n filename). (Mike)\n\n - Fixed bug #65467 (Call to undefined method\n cli_arg_typ_string). (Mike)\n\n - Fixed bug #67761 (Phar::mapPhar fails for Phars inside\n a path containing '.tar'). (Mike)\n\n - Fixed bug #69324 (Buffer Over-read in unserialize when\n parsing Phar). (Stas)\n\n - Fixed bug #69441 (Buffer Overflow when parsing\n tar/zip/phar in phar_set_inode). (Stas)\n\nPostgres :\n\n - Fixed bug #68741 (NULL pointer dereference).\n (CVE-2015-1352) (Laruence)\n\nSPL :\n\n - Fixed bug #69227 (Use after free in zval_scan caused by\n spl_object_storage_get_gc). (adam dot scarr at 99designs\n dot com)\n\nSOAP :\n\n - Fixed bug #69293 (NEW segfault when using\n SoapClient::__setSoapHeader (bisected, regression)).\n (Laruence)\n\nSqlite3 :\n\n - Fixed bug #68760 (SQLITE segfaults if custom collator\n throws an exception). (Dan Ackroyd)\n\n - Fixed bug #69287 (Upgrade bundled libsqlite to\n 3.8.8.3). (Anatol)\n\n - Fixed bug #66550 (SQLite prepared statement\n use-after-free). (Sean Heelan)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2015-04-23T00:00:00", "id": "FEDORA_2015-6195.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83018", "title": "Fedora 22 : php-5.6.8-1.fc22 (2015-6195)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6195.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83018);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:52 $\");\n\n script_cve_id(\"CVE-2015-1351\", \"CVE-2015-1352\", \"CVE-2015-2783\", \"CVE-2015-3329\");\n script_bugtraq_id(71929, 71932, 74239, 74240);\n script_xref(name:\"FEDORA\", value:\"2015-6195\");\n\n script_name(english:\"Fedora 22 : php-5.6.8-1.fc22 (2015-6195)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"16 Apr 2015, **PHP 5.6.8**\n\nCore :\n\n - Fixed bug #66609 (php crashes with __get() and ++\n operator in some cases). (Dmitry, Laruence)\n\n - Fixed bug #68021 (get_browser() browser_name_regex\n returns non-utf-8 characters). (Tjerk)\n\n - Fixed bug #68917 (parse_url fails on some partial\n urls). (Wei Dai)\n\n - Fixed bug #69134 (Per Directory Values overrides\n PHP_INI_SYSTEM configuration options). (Anatol Belski)\n\n - Additional fix for bug #69152 (Type confusion\n vulnerability in exception::getTraceAsString). (Stas)\n\n - Fixed bug #69210 (serialize function return corrupted\n data when sleep has non-string values). (Juan Basso)\n\n - Fixed bug #69212 (Leaking VIA_HANDLER func when\n exception thrown in __call/... arg passing). (Nikita)\n\n - Fixed bug #69221 (Segmentation fault when using a\n generator in combination with an Iterator). (Nikita)\n\n - Fixed bug #69337 (php_stream_url_wrap_http_ex()\n type-confusion vulnerability). (Stas)\n\n - Fixed bug #69353 (Missing null byte checks for paths\n in various PHP extensions). (Stas)\n\nApache2handler :\n\n - Fixed bug #69218 (potential remote code execution with\n apache 2.4 apache2handler). (Gerrit Venema)\n\ncURL :\n\n - Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)\n\n - Fixed bug #68739 (Missing break / control flow).\n (Laruence)\n\n - Fixed bug #69316 (Use-after-free in php_curl related\n to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)\n\nDate :\n\n - Fixed bug #69336 (Issues with 'last day of\n <monthname>'). (Derick Rethans)\n\nEnchant :\n\n - Fixed bug #65406 (Enchant broker plugins are in the\n wrong place in windows builds). (Anatol)\n\nEreg :\n\n - Fixed bug #68740 (NULL pointer Dereference). (Laruence)\n\nFileinfo :\n\n - Fixed bug #68819 (Fileinfo on specific file causes\n spurious OOM and/or segfault). (Anatol Belski)\n\nFilter :\n\n - Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored\n unless other flags are used). (Jeff Welch)\n\n - Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip\n ASCII 127). (Jeff Welch)\n\nOPCache :\n\n - Fixed bug #69297 (function_exists strange behavior with\n OPCache on disabled function). (Laruence)\n\n - Fixed bug #69281 (opcache_is_script_cached no longer\n works). (danack)\n\n - Fixed bug #68677 (Use After Free). (CVE-2015-1351)\n (Laruence)\n\nOpenSSL\n\n - Fixed bugs #68853, #65137 (Buffered crypto stream data\n breaks IO polling in stream_select() contexts) (Chris\n Wright)\n\n - Fixed bug #69197 (openssl_pkcs7_sign handles default\n value incorrectly) (Daniel Lowrey)\n\n - Fixed bug #69215 (Crypto servers should send client CA\n list) (Daniel Lowrey)\n\n - Add a check for RAND_egd to allow compiling against\n LibreSSL (Leigh)\n\nPhar :\n\n - Fixed bug #64343 (PharData::extractTo fails for tarball\n created by BSD tar). (Mike)\n\n - Fixed bug #64931 (phar_add_file is too restrictive on\n filename). (Mike)\n\n - Fixed bug #65467 (Call to undefined method\n cli_arg_typ_string). (Mike)\n\n - Fixed bug #67761 (Phar::mapPhar fails for Phars inside\n a path containing '.tar'). (Mike)\n\n - Fixed bug #69324 (Buffer Over-read in unserialize when\n parsing Phar). (Stas)\n\n - Fixed bug #69441 (Buffer Overflow when parsing\n tar/zip/phar in phar_set_inode). (Stas)\n\nPostgres :\n\n - Fixed bug #68741 (NULL pointer dereference).\n (CVE-2015-1352) (Laruence)\n\nSPL :\n\n - Fixed bug #69227 (Use after free in zval_scan caused by\n spl_object_storage_get_gc). (adam dot scarr at 99designs\n dot com)\n\nSOAP :\n\n - Fixed bug #69293 (NEW segfault when using\n SoapClient::__setSoapHeader (bisected, regression)).\n (Laruence)\n\nSqlite3 :\n\n - Fixed bug #68760 (SQLITE segfaults if custom collator\n throws an exception). (Dan Ackroyd)\n\n - Fixed bug #69287 (Upgrade bundled libsqlite to\n 3.8.8.3). (Anatol)\n\n - Fixed bug #66550 (SQLite prepared statement\n use-after-free). (Sean Heelan)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1185900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1185904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1213449\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4fa550d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-5.6.8-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:20", "bulletinFamily": "scanner", "description": "A buffer overflow vulnerability was found in PHP's phar (PHP Archive)\nimplementation. See https://bugs.php.net/bug.php?id=69324 for more\ndetails. (CVE-2015-2783)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) paths\nimplementation. A malicious script author could possibly use this flaw\nto disclose certain portions of server memory. (CVE-2015-2301)\n\nA buffer over-read flaw was found in the GD library. A specially\ncrafted GIF file could cause an application using the\ngdImageCreateFromGif() function to crash. (CVE-2014-9709)\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A\nspecially crafted table name passed to function as pg_insert() or\npg_select() could cause a PHP application to crash. (CVE-2015-1352)\n\nA buffer overflow flaw was found in the way PHP's Phar extension\nparsed Phar archives. A specially crafted archive could cause PHP to\ncrash or, possibly, execute arbitrary code when opened.\n(CVE-2015-3329)", "modified": "2018-04-18T00:00:00", "published": "2015-04-20T00:00:00", "id": "ALA_ALAS-2015-509.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82856", "title": "Amazon Linux AMI : php54 (ALAS-2015-509)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-509.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82856);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-9709\", \"CVE-2015-1352\", \"CVE-2015-2301\", \"CVE-2015-2783\", \"CVE-2015-3329\");\n script_xref(name:\"ALAS\", value:\"2015-509\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2015-509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow vulnerability was found in PHP's phar (PHP Archive)\nimplementation. See https://bugs.php.net/bug.php?id=69324 for more\ndetails. (CVE-2015-2783)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) paths\nimplementation. A malicious script author could possibly use this flaw\nto disclose certain portions of server memory. (CVE-2015-2301)\n\nA buffer over-read flaw was found in the GD library. A specially\ncrafted GIF file could cause an application using the\ngdImageCreateFromGif() function to crash. (CVE-2014-9709)\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A\nspecially crafted table name passed to function as pg_insert() or\npg_select() could cause a PHP application to crash. (CVE-2015-1352)\n\nA buffer overflow flaw was found in the way PHP's Phar extension\nparsed Phar archives. A specially crafted archive could cause PHP to\ncrash or, possibly, execute arbitrary code when opened.\n(CVE-2015-3329)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.php.net/bug.php?id=69324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-509.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-debuginfo-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-ldap-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xml-5.4.40-1.68.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.40-1.68.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:21", "bulletinFamily": "scanner", "description": "New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.", "modified": "2016-05-19T00:00:00", "published": "2015-04-22T00:00:00", "id": "SLACKWARE_SSA_2015-111-10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82923", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2015-111-10)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-111-10. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82923);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/05/19 18:02:18 $\");\n\n script_cve_id(\"CVE-2014-9709\", \"CVE-2015-0231\", \"CVE-2015-1351\", \"CVE-2015-1352\", \"CVE-2015-2301\", \"CVE-2015-2305\", \"CVE-2015-2331\", \"CVE-2015-2783\", \"CVE-2015-3330\");\n script_bugtraq_id(71929, 71932, 72539, 72611, 73037, 73182, 73306, 74204, 74239);\n script_xref(name:\"SSA\", value:\"2015-111-10\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2015-111-10)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.429606\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd0c572c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.4.40\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.4.40\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.40\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.8\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.8\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:40", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in PHP :\n\n - CVE-2015-4025 / CVE-2015-4026\n Multiple function didn't check for NULL bytes in path\n names.\n\n - CVE-2015-4024\n Denial of service when processing multipart/form-data\n requests.\n\n - CVE-2015-4022\n Integer overflow in the ftp_genlist() function may\n result in denial of service or potentially the execution\n of arbitrary code.\n\n - CVE-2015-4021 CVE-2015-3329 CVE-2015-2783\n Multiple vulnerabilities in the phar extension may\n result in denial of service or potentially the execution\n of arbitrary code when processing malformed archives.", "modified": "2018-11-10T00:00:00", "published": "2015-06-09T00:00:00", "id": "DEBIAN_DSA-3280.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84025", "title": "Debian DSA-3280-1 : php5 - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3280. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84025);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-2783\", \"CVE-2015-3329\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4025\", \"CVE-2015-4026\");\n script_bugtraq_id(74239, 74240, 74700, 74902, 74903, 74904);\n script_xref(name:\"DSA\", value:\"3280\");\n\n script_name(english:\"Debian DSA-3280-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in PHP :\n\n - CVE-2015-4025 / CVE-2015-4026\n Multiple function didn't check for NULL bytes in path\n names.\n\n - CVE-2015-4024\n Denial of service when processing multipart/form-data\n requests.\n\n - CVE-2015-4022\n Integer overflow in the ftp_genlist() function may\n result in denial of service or potentially the execution\n of arbitrary code.\n\n - CVE-2015-4021 CVE-2015-3329 CVE-2015-2783\n Multiple vulnerabilities in the phar extension may\n result in denial of service or potentially the execution\n of arbitrary code when processing malformed archives.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-4021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3280\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.6.9+dfsg-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.41-0+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.9+dfsg-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:209\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : April 27, 2015\r\n Affected: Business Server 1.0, Business Server 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated php packages fix security vulnerabilities:\r\n \r\n Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783).\r\n \r\n Buffer Overflow when parsing tar/zip/phar in phar_set_inode\r\n (CVE-2015-3329).\r\n \r\n Potential remote code execution with apache 2.4 apache2handler\r\n (CVE-2015-3330).\r\n \r\n PHP has been updated to version 5.5.24, which fixes these issues and\r\n other bugs.\r\n \r\n Additionally the timezonedb packages has been upgraded to the latest\r\n version and the PECL packages which requires so has been rebuilt\r\n for php-5.5.24.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\r\n http://advisories.mageia.org/MGASA-2015-0169.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n fb5b4628263a821fb3e4075a5fb4e5b4 mbs1/x86_64/apache-mod_php-5.5.24-1.mbs1.x86_64.rpm\r\n 3c7f76ada5ccad65c212ee350fdffe87 mbs1/x86_64/lib64php5_common5-5.5.24-1.mbs1.x86_64.rpm\r\n 5400e21c3eaecc346e1eb8c712e9478f mbs1/x86_64/php-apc-3.1.15-1.18.mbs1.x86_64.rpm\r\n 90ae23234441a8de169207ff7f045684 mbs1/x86_64/php-apc-admin-3.1.15-1.18.mbs1.x86_64.rpm\r\n a39b53bcacc941035d830ce1052540b3 mbs1/x86_64/php-bcmath-5.5.24-1.mbs1.x86_64.rpm\r\n ada97c19882cf313e4d7ebba0909f6d8 mbs1/x86_64/php-bz2-5.5.24-1.mbs1.x86_64.rpm\r\n c6e5c880827c6bc76dfb1c15460637b4 mbs1/x86_64/php-calendar-5.5.24-1.mbs1.x86_64.rpm\r\n 6535a7223184cec5ac17edb9e1d31388 mbs1/x86_64/php-cgi-5.5.24-1.mbs1.x86_64.rpm\r\n 16aa52d7dd47cc27cb5d7aec420944eb mbs1/x86_64/php-cli-5.5.24-1.mbs1.x86_64.rpm\r\n 7983f9d1bf3039b5efdb0ed70329cccd mbs1/x86_64/php-ctype-5.5.24-1.mbs1.x86_64.rpm\r\n 3cbc805a1610b54d191e2e3ca99c3ae4 mbs1/x86_64/php-curl-5.5.24-1.mbs1.x86_64.rpm\r\n f53dd6f08013c00ae1c95df14671624e mbs1/x86_64/php-dba-5.5.24-1.mbs1.x86_64.rpm\r\n e2a5d632a8581e27a366191c9fd86424 mbs1/x86_64/php-devel-5.5.24-1.mbs1.x86_64.rpm\r\n 37bb13541a04b935c93600dc63e98047 mbs1/x86_64/php-doc-5.5.24-1.mbs1.noarch.rpm\r\n fad46645f9afb86eedf094cbe82eaebe mbs1/x86_64/php-dom-5.5.24-1.mbs1.x86_64.rpm\r\n 22141396e7bccb2aac8a2e7c0d0f02aa mbs1/x86_64/php-enchant-5.5.24-1.mbs1.x86_64.rpm\r\n e3f7bc72aad9e3fb7b9f25f64d9ca95c mbs1/x86_64/php-exif-5.5.24-1.mbs1.x86_64.rpm\r\n 53a76b203f90a9008eb35cdf93aac246 mbs1/x86_64/php-fileinfo-5.5.24-1.mbs1.x86_64.rpm\r\n 7cb8c9592f48413f3783f49947563a8f mbs1/x86_64/php-filter-5.5.24-1.mbs1.x86_64.rpm\r\n 3d34478d09bbf6848c8c2eaea0156feb mbs1/x86_64/php-fpm-5.5.24-1.mbs1.x86_64.rpm\r\n fc47e9e9b740e94e5210854b7872af8f mbs1/x86_64/php-ftp-5.5.24-1.mbs1.x86_64.rpm\r\n e22e5cf59f7d0c361b41e220fd0ebbde mbs1/x86_64/php-gd-5.5.24-1.mbs1.x86_64.rpm\r\n cd5fef5777b58e0562ddeb3ca4b4e1dd mbs1/x86_64/php-gettext-5.5.24-1.mbs1.x86_64.rpm\r\n aba136588f2c77f2cca4bcc300e7f0b5 mbs1/x86_64/php-gmp-5.5.24-1.mbs1.x86_64.rpm\r\n 8752b1e4f863b2cdadf08cfdcaf462f7 mbs1/x86_64/php-hash-5.5.24-1.mbs1.x86_64.rpm\r\n 36bef8c7e03cdffd66a4553266e1a13d mbs1/x86_64/php-iconv-5.5.24-1.mbs1.x86_64.rpm\r\n 0b405f5f49d174745a4135e033fbe234 mbs1/x86_64/php-imap-5.5.24-1.mbs1.x86_64.rpm\r\n fc25a10fb623016b5e95595aa114274a mbs1/x86_64/php-ini-5.5.24-1.mbs1.x86_64.rpm\r\n c4435a44b199cd4fadca0cac247aca06 mbs1/x86_64/php-intl-5.5.24-1.mbs1.x86_64.rpm\r\n ec611fd14d6b502990fe0a3ab243211a mbs1/x86_64/php-json-5.5.24-1.mbs1.x86_64.rpm\r\n 519c8ae2df9aeca23d15953470c3a485 mbs1/x86_64/php-ldap-5.5.24-1.mbs1.x86_64.rpm\r\n f52168266f3d1df5a333f2acb83c7739 mbs1/x86_64/php-mbstring-5.5.24-1.mbs1.x86_64.rpm\r\n 8fed199f0b2be5b2d1780bed11c5c5d6 mbs1/x86_64/php-mcrypt-5.5.24-1.mbs1.x86_64.rpm\r\n e5d5276bcfaa7d951b4b543e76949a2f mbs1/x86_64/php-mssql-5.5.24-1.mbs1.x86_64.rpm\r\n 0a34a8334cd8a3e4d7867a962df62f15 mbs1/x86_64/php-mysql-5.5.24-1.mbs1.x86_64.rpm\r\n 3fd0dcc4cb8c4ef136c68e243788aa85 mbs1/x86_64/php-mysqli-5.5.24-1.mbs1.x86_64.rpm\r\n d9db3dd5963888f69b11cdaa1d1c97e4 mbs1/x86_64/php-mysqlnd-5.5.24-1.mbs1.x86_64.rpm\r\n f27cbd0c9f968bfa7d6f10d8040a1f4f mbs1/x86_64/php-odbc-5.5.24-1.mbs1.x86_64.rpm\r\n db18ba83bd3e8f82f189c4e93799de9a mbs1/x86_64/php-opcache-5.5.24-1.mbs1.x86_64.rpm\r\n 7e02eaad2751f993fcd7af5a649b4707 mbs1/x86_64/php-openssl-5.5.24-1.mbs1.x86_64.rpm\r\n be43bdb8b4c0ea65901bb7ab4a12e1be mbs1/x86_64/php-pcntl-5.5.24-1.mbs1.x86_64.rpm\r\n 57ba222e0921de0efcad052a1ed359cc mbs1/x86_64/php-pdo-5.5.24-1.mbs1.x86_64.rpm\r\n 3ba50d22dead03f756136363e1e2ce27 mbs1/x86_64/php-pdo_dblib-5.5.24-1.mbs1.x86_64.rpm\r\n fe6858486fc7a42f7099f103fec8e0c9 mbs1/x86_64/php-pdo_mysql-5.5.24-1.mbs1.x86_64.rpm\r\n 407570e83b281be3515970aa6e24a773 mbs1/x86_64/php-pdo_odbc-5.5.24-1.mbs1.x86_64.rpm\r\n e5c66883133694a146b0f4840749a7d7 mbs1/x86_64/php-pdo_pgsql-5.5.24-1.mbs1.x86_64.rpm\r\n d41508abccb63d3b0c0d44a82596f1d6 mbs1/x86_64/php-pdo_sqlite-5.5.24-1.mbs1.x86_64.rpm\r\n 3f7dd514cca5b5259854043194099c4c mbs1/x86_64/php-pgsql-5.5.24-1.mbs1.x86_64.rpm\r\n 1b6b8a0d2e033b35697757a49329d51e mbs1/x86_64/php-phar-5.5.24-1.mbs1.x86_64.rpm\r\n 30e86f3079cd49241d680f46542b16b8 mbs1/x86_64/php-posix-5.5.24-1.mbs1.x86_64.rpm\r\n b065951f2e32008908857708ae2f1539 mbs1/x86_64/php-readline-5.5.24-1.mbs1.x86_64.rpm\r\n 13886e31952529313c505acbc7ebbbc6 mbs1/x86_64/php-recode-5.5.24-1.mbs1.x86_64.rpm\r\n 95ca2a29237d6f3e6f852431626be072 mbs1/x86_64/php-session-5.5.24-1.mbs1.x86_64.rpm\r\n f5f33541bc2a3b3f0b456989e20aa45c mbs1/x86_64/php-shmop-5.5.24-1.mbs1.x86_64.rpm\r\n c5414a148aa0e25b03b9faf79c50693a mbs1/x86_64/php-snmp-5.5.24-1.mbs1.x86_64.rpm\r\n d02afd660db7544b09328445c2f99ec6 mbs1/x86_64/php-soap-5.5.24-1.mbs1.x86_64.rpm\r\n 239a1c675cf3a4f853cc94cfc188e60e mbs1/x86_64/php-sockets-5.5.24-1.mbs1.x86_64.rpm\r\n 04e689ed1f9163a149f3448cfe4bd218 mbs1/x86_64/php-sqlite3-5.5.24-1.mbs1.x86_64.rpm\r\n a39905d2eae282b1d06db94afbf51255 mbs1/x86_64/php-sybase_ct-5.5.24-1.mbs1.x86_64.rpm\r\n a7fd332d4fea37c9f3335a0d8921f228 mbs1/x86_64/php-sysvmsg-5.5.24-1.mbs1.x86_64.rpm\r\n b9fdd882caee7f469d3c285082e8f717 mbs1/x86_64/php-sysvsem-5.5.24-1.mbs1.x86_64.rpm\r\n 79ede61a89fae9e6fab33f1a99b3ded7 mbs1/x86_64/php-sysvshm-5.5.24-1.mbs1.x86_64.rpm\r\n 5f0b1072e400ccc886979e7647c160f2 mbs1/x86_64/php-tidy-5.5.24-1.mbs1.x86_64.rpm\r\n 1df6d933d3f5c14bb334b8e49df50901 mbs1/x86_64/php-timezonedb-2015.4-1.mbs1.x86_64.rpm\r\n e03d364e8d94dc5e509f89ad06b1ceec mbs1/x86_64/php-tokenizer-5.5.24-1.mbs1.x86_64.rpm\r\n 4eb33980b578bc3f7c8436993e401a6b mbs1/x86_64/php-wddx-5.5.24-1.mbs1.x86_64.rpm\r\n cfb0b798a98736cebe6d2854610e5c88 mbs1/x86_64/php-xml-5.5.24-1.mbs1.x86_64.rpm\r\n 2d05b6ecae1866827a732b19bdea2682 mbs1/x86_64/php-xmlreader-5.5.24-1.mbs1.x86_64.rpm\r\n bab20d281d211f8202d881723f0091f1 mbs1/x86_64/php-xmlrpc-5.5.24-1.mbs1.x86_64.rpm\r\n d213f4b86b0532049556a37958d12570 mbs1/x86_64/php-xmlwriter-5.5.24-1.mbs1.x86_64.rpm\r\n a43e88b8cb0cf9a46d63f318d63853c7 mbs1/x86_64/php-xsl-5.5.24-1.mbs1.x86_64.rpm\r\n 3150b97e91d4363c5b79b6e67cf4febe mbs1/x86_64/php-zip-5.5.24-1.mbs1.x86_64.rpm\r\n 962d3621008091b8186481e521296d29 mbs1/x86_64/php-zlib-5.5.24-1.mbs1.x86_64.rpm \r\n 52139e1dbd986bf5b685ee0f92e67da2 mbs1/SRPMS/php-5.5.24-1.mbs1.src.rpm\r\n 854f5600d70006910d80643b638289d4 mbs1/SRPMS/php-apc-3.1.15-1.18.mbs1.src.rpm\r\n 77e0fad280231397615e51f099b33f1c mbs1/SRPMS/php-timezonedb-2015.4-1.mbs1.src.rpm\r\n\r\n Mandriva Business Server 2/X86_64:\r\n 2a2dcd3f73583e81c1d4ca142814ed6a mbs2/x86_64/apache-mod_php-5.5.24-1.mbs2.x86_64.rpm\r\n a7964f16c85b0772835366fa821f7dd1 mbs2/x86_64/lib64php5_common5-5.5.24-1.mbs2.x86_64.rpm\r\n 624d6512573e4ccc202f9ea08433727e mbs2/x86_64/php-bcmath-5.5.24-1.mbs2.x86_64.rpm\r\n dd817015c54820a9fc967da7db4b1461 mbs2/x86_64/php-bz2-5.5.24-1.mbs2.x86_64.rpm\r\n 1c022b50d3f12d3e8e358fca3afe6f0f mbs2/x86_64/php-calendar-5.5.24-1.mbs2.x86_64.rpm\r\n 52159b3e747e424b1fe40944f404b45d mbs2/x86_64/php-cgi-5.5.24-1.mbs2.x86_64.rpm\r\n 5ac82cf4acc95e8d8a80537173a1dc98 mbs2/x86_64/php-cli-5.5.24-1.mbs2.x86_64.rpm\r\n e7271551aa14e6931b0ba22ee33d3712 mbs2/x86_64/php-ctype-5.5.24-1.mbs2.x86_64.rpm\r\n 7293fa4917183914c356cc2376a5e1ab mbs2/x86_64/php-curl-5.5.24-1.mbs2.x86_64.rpm\r\n 258058f8e1cda5be8a9444964a553691 mbs2/x86_64/php-dba-5.5.24-1.mbs2.x86_64.rpm\r\n c0a6fa757e9ffda700f65a93442564d4 mbs2/x86_64/php-devel-5.5.24-1.mbs2.x86_64.rpm\r\n c06bc210915a004b2b9fcd084f853e20 mbs2/x86_64/php-doc-5.5.24-1.mbs2.noarch.rpm\r\n 049a5952ec9f5af423d4ecc78ff80f60 mbs2/x86_64/php-dom-5.5.24-1.mbs2.x86_64.rpm\r\n c09f88b638281bb87aea12ef38455f36 mbs2/x86_64/php-enchant-5.5.24-1.mbs2.x86_64.rpm\r\n 54d1dc9b189dfb87de442ba2c765deef mbs2/x86_64/php-exif-5.5.24-1.mbs2.x86_64.rpm\r\n ee6d0aa018912da413a14365a41cc1a2 mbs2/x86_64/php-fileinfo-5.5.24-1.mbs2.x86_64.rpm\r\n 0f216dc10bb650bdf29c01d9905ca4f2 mbs2/x86_64/php-filter-5.5.24-1.mbs2.x86_64.rpm\r\n 4bf7b3c69724d769e10f8341c95d6004 mbs2/x86_64/php-fpm-5.5.24-1.mbs2.x86_64.rpm\r\n aeb60443860bbb7e88a0288fb3e2f6cd mbs2/x86_64/php-ftp-5.5.24-1.mbs2.x86_64.rpm\r\n 226a551699749179b94570dfa3c50986 mbs2/x86_64/php-gd-5.5.24-1.mbs2.x86_64.rpm\r\n 5e29df38df1b862e4ba3b5486cdbcc47 mbs2/x86_64/php-gettext-5.5.24-1.mbs2.x86_64.rpm\r\n ead9effbca236c6c2902955935c28225 mbs2/x86_64/php-gmp-5.5.24-1.mbs2.x86_64.rpm\r\n c8f01d16bb8cbbd1d891c68c54d2dd16 mbs2/x86_64/php-hash-5.5.24-1.mbs2.x86_64.rpm\r\n c1c7332cf8dc2c0d21cb57bf4d7f81dd mbs2/x86_64/php-iconv-5.5.24-1.mbs2.x86_64.rpm\r\n 7f86a963f8cf5e6351acd1fdf995b7a1 mbs2/x86_64/php-imap-5.5.24-1.mbs2.x86_64.rpm\r\n 215c060793b574a36c28131dca9bf9c7 mbs2/x86_64/php-ini-5.5.24-1.mbs2.x86_64.rpm\r\n 7f07f161b4e1885aa807d3753d948e10 mbs2/x86_64/php-interbase-5.5.24-1.mbs2.x86_64.rpm\r\n 8171c9830749db254898f80f8ecbdd04 mbs2/x86_64/php-intl-5.5.24-1.mbs2.x86_64.rpm\r\n 1fa26b49fa8e0b776d484b4fcc0d4bf3 mbs2/x86_64/php-json-5.5.24-1.mbs2.x86_64.rpm\r\n 29051ac44b6e2068a71c026e9d458536 mbs2/x86_64/php-ldap-5.5.24-1.mbs2.x86_64.rpm\r\n 3d97347fe4b9589ae80b7fd16c281dcd mbs2/x86_64/php-mbstring-5.5.24-1.mbs2.x86_64.rpm\r\n 1a5a41400380b4bcde25d2b693e1dab0 mbs2/x86_64/php-mcrypt-5.5.24-1.mbs2.x86_64.rpm\r\n a79635ca99cd7ae80d1661373161da1f mbs2/x86_64/php-mssql-5.5.24-1.mbs2.x86_64.rpm\r\n cdc3bde549c9ae73915db8a0e0919ce5 mbs2/x86_64/php-mysql-5.5.24-1.mbs2.x86_64.rpm\r\n 7a72c1ab11020a2c52aa3a74636d5342 mbs2/x86_64/php-mysqli-5.5.24-1.mbs2.x86_64.rpm\r\n 93fb357f9dbf32887a98a5409b3b8a16 mbs2/x86_64/php-mysqlnd-5.5.24-1.mbs2.x86_64.rpm\r\n caf79717e1ca56ec3e53fdaa25e734aa mbs2/x86_64/php-odbc-5.5.24-1.mbs2.x86_64.rpm\r\n eb293f64d2bd635c70d36274275e60bb mbs2/x86_64/php-opcache-5.5.24-1.mbs2.x86_64.rpm\r\n 91847d268cb8a62eb0e89fc95a9c51e6 mbs2/x86_64/php-openssl-5.5.24-1.mbs2.x86_64.rpm\r\n 35e065d8684684e3e304bafbb309c895 mbs2/x86_64/php-pcntl-5.5.24-1.mbs2.x86_64.rpm\r\n d65e05e7edf7480ed362783dc75609be mbs2/x86_64/php-pdo-5.5.24-1.mbs2.x86_64.rpm\r\n 8657b2e1171497ff9ae5864ecccfeb23 mbs2/x86_64/php-pdo_dblib-5.5.24-1.mbs2.x86_64.rpm\r\n 19c9414ced1e0806b77347f9427d6653 mbs2/x86_64/php-pdo_firebird-5.5.24-1.mbs2.x86_64.rpm\r\n 28b09335667ac3993f1aca5da234df8a mbs2/x86_64/php-pdo_mysql-5.5.24-1.mbs2.x86_64.rpm\r\n b928f58777cfbd848985606bd680bf8f mbs2/x86_64/php-pdo_odbc-5.5.24-1.mbs2.x86_64.rpm\r\n ba6bf3afe9d497b9f1d99cb467b13ca5 mbs2/x86_64/php-pdo_pgsql-5.5.24-1.mbs2.x86_64.rpm\r\n 21823497094c28ce7bf74f052122fe99 mbs2/x86_64/php-pdo_sqlite-5.5.24-1.mbs2.x86_64.rpm\r\n 4a6a259c16ca5bad2b466f29acad4985 mbs2/x86_64/php-pgsql-5.5.24-1.mbs2.x86_64.rpm\r\n 7c9c9f9555a74f3257c6e8f16222d21f mbs2/x86_64/php-phar-5.5.24-1.mbs2.x86_64.rpm\r\n db4254db501a4fca54fa367b20f068f4 mbs2/x86_64/php-posix-5.5.24-1.mbs2.x86_64.rpm\r\n 10fb26df5f5a5d3b1988c40678b56fb6 mbs2/x86_64/php-readline-5.5.24-1.mbs2.x86_64.rpm\r\n c20ddec24b84440146734feb639b0f00 mbs2/x86_64/php-recode-5.5.24-1.mbs2.x86_64.rpm\r\n 68a49598e99391f37342a3d23a1414e7 mbs2/x86_64/php-session-5.5.24-1.mbs2.x86_64.rpm\r\n a26563d738120cba5f81ddda143ca55f mbs2/x86_64/php-shmop-5.5.24-1.mbs2.x86_64.rpm\r\n d69120a1ed4aeb3fe229cc83120d8c78 mbs2/x86_64/php-snmp-5.5.24-1.mbs2.x86_64.rpm\r\n 4596e3f325f70a29bf12d76793984b20 mbs2/x86_64/php-soap-5.5.24-1.mbs2.x86_64.rpm\r\n 7deda5cc9443b117fad82352943353ff mbs2/x86_64/php-sockets-5.5.24-1.mbs2.x86_64.rpm\r\n bc3f0ad45bb5bf488c73a5933a70d2c0 mbs2/x86_64/php-sqlite3-5.5.24-1.mbs2.x86_64.rpm\r\n 295fa388d26e62dcb0faf23c6e690ffa mbs2/x86_64/php-sybase_ct-5.5.24-1.mbs2.x86_64.rpm\r\n 88367608d60aac24ca0b0d0d92187b0e mbs2/x86_64/php-sysvmsg-5.5.24-1.mbs2.x86_64.rpm\r\n 36eac7d0e9a1f148e8954912db56dc13 mbs2/x86_64/php-sysvsem-5.5.24-1.mbs2.x86_64.rpm\r\n 74e6909f0c7a516bd99625c649bed33c mbs2/x86_64/php-sysvshm-5.5.24-1.mbs2.x86_64.rpm\r\n 9142ae8fb4665580503bc0520d3aaf89 mbs2/x86_64/php-tidy-5.5.24-1.mbs2.x86_64.rpm\r\n 4ee29061197f48af9c987d31abdec823 mbs2/x86_64/php-timezonedb-2015.4-1.mbs2.x86_64.rpm\r\n eafea4beda5144dd3adac0afce3f2258 mbs2/x86_64/php-tokenizer-5.5.24-1.mbs2.x86_64.rpm\r\n 505c78284f22f95d8a574c13ea043bc4 mbs2/x86_64/php-wddx-5.5.24-1.mbs2.x86_64.rpm\r\n e7e4fe996d11553ebd80ad4392caae2e mbs2/x86_64/php-xml-5.5.24-1.mbs2.x86_64.rpm\r\n 7a1c383a450c6a80f95255434e5390fd mbs2/x86_64/php-xmlreader-5.5.24-1.mbs2.x86_64.rpm\r\n 2af0b36e46ba236da59a98631c664bd9 mbs2/x86_64/php-xmlrpc-5.5.24-1.mbs2.x86_64.rpm\r\n a3f77553286094ecd60e174cfdb0e6dc mbs2/x86_64/php-xmlwriter-5.5.24-1.mbs2.x86_64.rpm\r\n b3bb2d250c73f7c355394353b4c0599d mbs2/x86_64/php-xsl-5.5.24-1.mbs2.x86_64.rpm\r\n a8f9476cba7a6aaab6eee8da66fd8fea mbs2/x86_64/php-zip-5.5.24-1.mbs2.x86_64.rpm\r\n 43d4282dddd18c07b87774cf704ce5be mbs2/x86_64/php-zlib-5.5.24-1.mbs2.x86_64.rpm \r\n 8cdfdd3582b44c38d735c58aea9e45f7 mbs2/SRPMS/php-5.5.24-1.mbs2.src.rpm\r\n 09afb4a05a8a1add563f2cb348fb2b0d mbs2/SRPMS/php-timezonedb-2015.4-1.mbs2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFVPf25mqjQ0CJFipgRAr9DAJwLXVXZqUb2kRGPCR9arVb7TKkfOQCgmCY7\r\ncUUPvfG5XP6mbL/c94A8wq0=\r\n=BCBr\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-05-05T00:00:00", "published": "2015-05-05T00:00:00", "id": "SECURITYVULNS:DOC:31997", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31997", "title": "[ MDVSA-2015:209 ] php", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3280-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJune 07, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : php5\r\nCVE ID : CVE-2015-2783 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022 \r\n CVE-2015-4024 CVE-2015-4025 CVE-2015-4026\r\n\r\nMultiple vulnerabilities have been discovered in PHP:\r\n\r\nCVE-2015-4025 / CVE-2015-4026\r\n\r\n Multiple function didn't check for NULL bytes in path names.\r\n\r\nCVE-2015-4024\r\n\r\n Denial of service when processing multipart/form-data requests.\r\n\r\nCVE-2015-4022\r\n\r\n Integer overflow in the ftp_genlist() function may result in\r\n denial of service or potentially the execution of arbitrary code.\r\n\r\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783\r\n\r\n Multiple vulnerabilities in the phar extension may result in\r\n denial of service or potentially the execution of arbitrary code\r\n when processing malformed archives.\r\n\r\nFor the oldstable distribution (wheezy), these problems have been fixed\r\nin version 5.4.41-0+deb7u1.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 5.6.9+dfsg-0+deb8u1.\r\n\r\nFor the testing distribution (stretch), these problems have been fixed\r\nin version 5.6.9+dfsg-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 5.6.9+dfsg-1.\r\n\r\nWe recommend that you upgrade your php5 packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJVdHnyAAoJEBDCk7bDfE42+jAP/0nZWh6HnJpBhxbSgP9fHmtJ\r\nNOp7GthaatDYuqZ2VOmQ16nh55p90fcbOkiUMtLvK6PF/D+JI0XpAnAKrHTWH491\r\n0Iz5Gh3sCKccQYweRAojgNOIm2zBKLFfzK778h6lQIcM3UY1w16RGWqSPEQ/L0pW\r\nCfxoGpom2SlhGE4wVxX1bmSGeM1k79hoZrzcBV7EfrqBU3zP/tSfRCTjjEIkYIov\r\nalmbQRAfdNnvOpJtBS+1NE/As4OX7JkJCCx45Bjfeond9oA22CsR62tan2+Y2wrk\r\nBd1UU8nNGnBfcv8ramWXzwZbUQDGfbsMJ4Dj/RpmID0e3HCAkRcSLEuSCWqCCE0o\r\nc6eL6gOWCp7l9uvsJZ3CG67zRkqdU1pj1dHy6p7j0E+o4iNSVwRYxqAO/luF/baB\r\nkOH5UV62On2UoSDGS4Ix+hHavC8dfX1L6NvH7YigXZYxNAsMLEo3x5M+tz5bJk7E\r\nI2RwRJ8rrDN8jC8f4sag+IThCezDHz3SPFE+IFyD3UredQwePfaY7IYn4Cl+nezY\r\n7yrcdyi1KJSQyDM9upE+L6Ytcv/5tZiOdOUxq31NKb7O3rLvTKZtreUAxvFiTepT\r\nMGPsLGF3LRsQoty3S8g1tkl2DHt6IZgIELT5x6xDCs7jBvC5R45UfhvFNm6fhM7F\r\nwjZ8f1+8OlapWivt9p0R\r\n=80kf\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-06-08T00:00:00", "published": "2015-06-08T00:00:00", "id": "SECURITYVULNS:DOC:32196", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32196", "title": "[SECURITY] [DSA 3280-1] php5 security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:01", "bulletinFamily": "software", "description": "\r\n\r\nAPPLE-SA-2015-09-30-3 OS X El Capitan 10.11\r\n\r\nOS X El Capitan 10.11 is now available and addresses the following:\r\n\r\nAddress Book\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may be able to inject arbitrary code to\r\nprocesses loading the Address Book framework\r\nDescription: An issue existed in Address Book framework's handling\r\nof an environment variable. This issue was addressed through improved\r\nenvironment variable handling.\r\nCVE-ID\r\nCVE-2015-5897 : Dan Bastone of Gotham Digital Science\r\n\r\nAirScan\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker with a privileged network position may be able\r\nto extract payload from eSCL packets sent over a secure connection\r\nDescription: An issue existed in the processing of eSCL packets.\r\nThis issue was addressed through improved validation checks.\r\nCVE-ID\r\nCVE-2015-5853 : an anonymous researcher\r\n\r\napache_mod_php\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.27, including one which may have led to remote code execution.\r\nThis issue was addressed by updating PHP to version 5.5.27.\r\nCVE-ID\r\nCVE-2014-9425\r\nCVE-2014-9427\r\nCVE-2014-9652\r\nCVE-2014-9705\r\nCVE-2014-9709\r\nCVE-2015-0231\r\nCVE-2015-0232\r\nCVE-2015-0235\r\nCVE-2015-0273\r\nCVE-2015-1351\r\nCVE-2015-1352\r\nCVE-2015-2301\r\nCVE-2015-2305\r\nCVE-2015-2331\r\nCVE-2015-2348\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3329\r\nCVE-2015-3330\r\n\r\nApple Online Store Kit\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may gain access to a user's keychain\r\nitems\r\nDescription: An issue existed in validation of access control lists\r\nfor iCloud keychain items. This issue was addressed through improved\r\naccess control list checks.\r\nCVE-ID\r\nCVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of\r\nIndiana University, Tongxin Li of Peking University, Tongxin Li of\r\nPeking University, Xiaolong Bai of Tsinghua University\r\n\r\nAppleEvents\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A user connected through screen sharing can send Apple\r\nEvents to a local user's session\r\nDescription: An issue existed with Apple Event filtering that\r\nallowed some users to send events to other users. This was addressed\r\nby improved Apple Event handling.\r\nCVE-ID\r\nCVE-2015-5849 : Jack Lawrence (@_jackhl)\r\n\r\nAudio\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Playing a malicious audio file may lead to an unexpected\r\napplication termination\r\nDescription: A memory corruption issue existed in the handling of\r\naudio files. This issue issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\r\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\r\n\r\nbash\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in bash\r\nDescription: Multiple vulnerabilities existed in bash versions prior\r\nto 3.2 patch level 57. These issues were addressed by updating bash\r\nversion 3.2 to patch level 57.\r\nCVE-ID\r\nCVE-2014-6277\r\nCVE-2014-7186\r\nCVE-2014-7187\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at https://support.apple.com/en-\r\nus/HT202858.\r\n\r\nCFNetwork Cookies\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker in a privileged network position can track a\r\nuser's activity\r\nDescription: A cross-domain cookie issue existed in the handling of\r\ntop level domains. The issue was address through improved\r\nrestrictions of cookie creation.\r\nCVE-ID\r\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\r\nUniversity\r\n\r\nCFNetwork FTPProtocol\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Malicious FTP servers may be able to cause the client to\r\nperform reconnaissance on other hosts\r\nDescription: An issue existed in the handling of FTP packets when\r\nusing the PASV command. This issue was resolved through improved\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5912 : Amit Klein\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A maliciously crafted URL may be able to bypass HSTS and\r\nleak sensitive data\r\nDescription: A URL parsing vulnerability existed in HSTS handling.\r\nThis issue was addressed through improved URL parsing.\r\nCVE-ID\r\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\r\nUniversity\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious website may be able to track users in Safari\r\nprivate browsing mode\r\nDescription: An issue existed in the handling of HSTS state in\r\nSafari private browsing mode. This issue was addressed through\r\nimproved state handling.\r\nCVE-ID\r\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\r\n\r\nCFNetwork Proxies\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Connecting to a malicious web proxy may set malicious\r\ncookies for a website\r\nDescription: An issue existed in the handling of proxy connect\r\nresponses. This issue was addressed by removing the set-cookie header\r\nwhile parsing the connect response.\r\nCVE-ID\r\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\r\nUniversity\r\n\r\nCFNetwork SSL\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker with a privileged network position may intercept\r\nSSL/TLS connections\r\nDescription: A certificate validation issue existed in NSURL when a\r\ncertificate changed. This issue was addressed through improved\r\ncertificate validation.\r\nCVE-ID\r\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\r\n\r\nCFNetwork SSL\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of RC4.\r\nAn attacker could force the use of RC4, even if the server preferred\r\nbetter ciphers, by blocking TLS 1.0 and higher connections until\r\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\r\naddressed by removing the fallback to SSL 3.0.\r\n\r\nCoreCrypto\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to determine a private key\r\nDescription: By observing many signing or decryption attempts, an\r\nattacker may have been able to determine the RSA private key. This\r\nissue was addressed using improved encryption algorithms.\r\n\r\nCoreText\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDev Tools\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in dyld. This was\r\naddressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5876 : beist of grayhash\r\n\r\nDev Tools\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An application may be able to bypass code signing\r\nDescription: An issue existed with validation of the code signature\r\nof executables. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5839 : @PanguTeam\r\n\r\nDisk Images\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in DiskImages. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\r\n\r\ndyld\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An application may be able to bypass code signing\r\nDescription: An issue existed with validation of the code signature\r\nof executables. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5839 : TaiG Jailbreak Team\r\n\r\nEFI\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application can prevent some systems from\r\nbooting\r\nDescription: An issue existed with the addresses covered by the\r\nprotected range register. This issue was fixed by changing the\r\nprotected range.\r\nCVE-ID\r\nCVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore\r\n\r\nEFI\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious Apple Ethernet Thunderbolt adapter may be able\r\nto affect firmware flashing\r\nDescription: Apple Ethernet Thunderbolt adapters could modify the\r\nhost firmware if connected during an EFI update. This issue was\r\naddressed by not loading option ROMs during updates.\r\nCVE-ID\r\nCVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare\r\n\r\nFinder\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: The "Secure Empty Trash" feature may not securely delete\r\nfiles placed in the Trash\r\nDescription: An issue existed in guaranteeing secure deletion of\r\nTrash files on some systems, such as those with flash storage. This\r\nissue was addressed by removing the "Secure Empty Trash" option.\r\nCVE-ID\r\nCVE-2015-5901 : Apple\r\n\r\nGame Center\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious Game Center application may be able to access a\r\nplayer's email address\r\nDescription: An issue existed in Game Center in the handling of a\r\nplayer's email. This issue was addressed through improved access\r\nrestrictions.\r\nCVE-ID\r\nCVE-2015-5855 : Nasser Alnasser\r\n\r\nHeimdal\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to replay Kerberos credentials to\r\nthe SMB server\r\nDescription: An authentication issue existed in Kerberos\r\ncredentials. This issue was addressed through additional validation\r\nof credentials using a list of recently seen credentials.\r\nCVE-ID\r\nCVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu\r\nFan of Microsoft Corporation, China\r\n\r\nICU\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in ICU\r\nDescription: Multiple vulnerabilities existed in ICU versions prior\r\nto 53.1.0. These issues were addressed by updating ICU to version\r\n55.1.\r\nCVE-ID\r\nCVE-2014-8146\r\nCVE-2014-8147\r\nCVE-2015-5922\r\n\r\nInstall Framework Legacy\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to gain root privileges\r\nDescription: A restriction issue existed in the Install private\r\nframework containing a privileged executable. This issue was\r\naddressed by removing the executable.\r\nCVE-ID\r\nCVE-2015-5888 : Apple\r\n\r\nIntel Graphics Driver\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Multiple memory corruption issues existed in the Intel\r\nGraphics Driver. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5830 : Yuki MIZUNO (@mzyy94)\r\nCVE-2015-5877 : Camillus Gerard Cai\r\n\r\nIOAudioFamily\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in IOAudioFamily that led to the\r\ndisclosure of kernel memory content. This issue was addressed by\r\npermuting kernel pointers.\r\nCVE-ID\r\nCVE-2015-5864 : Luca Todesco\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: Multiple memory corruption issues existed in the\r\nkernel. These issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5871 : Ilja van Sprundel of IOActive\r\nCVE-2015-5872 : Ilja van Sprundel of IOActive\r\nCVE-2015-5873 : Ilja van Sprundel of IOActive\r\nCVE-2015-5890 : Ilja van Sprundel of IOActive\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in IOGraphics which could have led to\r\nthe disclosure of kernel memory layout. This issue was addressed\r\nthrough improved memory management.\r\nCVE-ID\r\nCVE-2015-5865 : Luca Todesco\r\n\r\nIOHIDFamily\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple memory corruption issues existed in\r\nIOHIDFamily. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5866 : Apple\r\nCVE-2015-5867 : moony li of Trend Micro\r\n\r\nIOStorageFamily\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may be able to read kernel memory\r\nDescription: A memory initialization issue existed in the kernel.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5863 : Ilja van Sprundel of IOActive\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: Multiple memory corruption issues existed in the\r\nKernel. These issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\r\nCVE-2015-5896 : Maxime Villard of m00nbsd\r\nCVE-2015-5903 : CESG\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local process can modify other processes without\r\nentitlement checks\r\nDescription: An issue existed where root processes using the\r\nprocessor_set_tasks API were allowed to retrieve the task ports of\r\nother processes. This issue was addressed through additional\r\nentitlement checks.\r\nCVE-ID\r\nCVE-2015-5882 : Pedro Vilaca, working from original research by\r\nMing-chieh Pan and Sung-ting Tsai; Jonathan Levin\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may control the value of stack cookies\r\nDescription: Multiple weaknesses existed in the generation of user\r\nspace stack cookies. These issues were addressed through improved\r\ngeneration of stack cookies.\r\nCVE-ID\r\nCVE-2013-3951 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker may be able to launch denial of service attacks\r\non targeted TCP connections without knowing the correct sequence\r\nnumber\r\nDescription: An issue existed in xnu's validation of TCP packet\r\nheaders. This issue was addressed through improved TCP packet header\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5879 : Jonathan Looney\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker in a local LAN segment may disable IPv6 routing\r\nDescription: An insufficient validation issue existed in the\r\nhandling of IPv6 router advertisements that allowed an attacker to\r\nset the hop limit to an arbitrary value. This issue was addressed by\r\nenforcing a minimum hop limit.\r\nCVE-ID\r\nCVE-2015-5869 : Dennis Spindel Ljungmark\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed that led to the disclosure of kernel\r\nmemory layout. This was addressed through improved initialization of\r\nkernel memory structures.\r\nCVE-ID\r\nCVE-2015-5842 : beist of grayhash\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in debugging interfaces that led to\r\nthe disclosure of memory content. This issue was addressed by\r\nsanitizing output from debugging interfaces.\r\nCVE-ID\r\nCVE-2015-5870 : Apple\r\n\r\nKernel\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A state management issue existed in debugging\r\nfunctionality. This issue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team\r\n\r\nlibc\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\r\nCorporation\r\n\r\nlibpthread\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\r\n\r\nlibxpc\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Many SSH connections could cause a denial of service\r\nDescription: launchd had no limit on the number of processes that\r\ncould be started by a network connection. This issue was addressed by\r\nlimiting the number of SSH processes to 40.\r\nCVE-ID\r\nCVE-2015-5881 : Apple\r\n\r\nLogin Window\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: The screen lock may not engage after the specified time\r\nperiod\r\nDescription: An issue existed with captured display locking. The\r\nissue was addressed through improved lock handling.\r\nCVE-ID\r\nCVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau\r\ninformationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni\r\nVaahtera, and an anonymous researcher\r\n\r\nlukemftpd\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A remote attacker may be able to deny service to the FTP\r\nserver\r\nDescription: A glob-processing issue existed in tnftpd. This issue\r\nwas addressed through improved glob validation.\r\nCVE-ID\r\nCVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com\r\n\r\nMail\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Printing an email may leak sensitive user information\r\nDescription: An issue existed in Mail which bypassed user\r\npreferences when printing an email. This issue was addressed through\r\nimproved user preference enforcement.\r\nCVE-ID\r\nCVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,\r\nDennis Klein from Eschenburg, Germany, Jeff Hammett of Systim\r\nTechnology Partners\r\n\r\nMail\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: An attacker in a privileged network position may be able to\r\nintercept attachments of S/MIME-encrypted e-mail sent via Mail Drop\r\nDescription: An issue existed in handling encryption parameters for\r\nlarge email attachments sent via Mail Drop. The issue is addressed by\r\nno longer offering Mail Drop when sending an encrypted e-mail.\r\nCVE-ID\r\nCVE-2015-5884 : John McCombs of Integrated Mapping Ltd\r\n\r\nMultipeer Connectivity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may be able to observe unprotected\r\nmultipeer data\r\nDescription: An issue existed in convenience initializer handling in\r\nwhich encryption could be actively downgraded to a non-encrypted\r\nsession. This issue was addressed by changing the convenience\r\ninitializer to require encryption.\r\nCVE-ID\r\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\r\n\r\nNetworkExtension\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An uninitialized memory issue in the kernel led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved memory initialization.\r\nCVE-ID\r\nCVE-2015-5831 : Maxime Villard of m00nbsd\r\n\r\nNotes\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to leak sensitive user information\r\nDescription: An issue existed in parsing links in the Notes\r\napplication. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher\r\n\r\nNotes\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to leak sensitive user information\r\nDescription: A cross-site scripting issue existed in parsing text by\r\nthe Notes application. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)\r\n\r\nOpenSSH\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in OpenSSH\r\nDescription: Multiple vulnerabilities existed in OpenSSH versions\r\nprior to 6.9. These issues were addressed by updating OpenSSH to\r\nversion 6.9.\r\nCVE-ID\r\nCVE-2014-2532\r\n\r\nOpenSSL\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in OpenSSL\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-0286\r\nCVE-2015-0287\r\n\r\nprocmail\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in procmail\r\nDescription: Multiple vulnerabilities existed in procmail versions\r\nprior to 3.22. These issues were addressed by removing procmail.\r\nCVE-ID\r\nCVE-2014-3618\r\n\r\nremote_cmds\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with root\r\nprivileges\r\nDescription: An issue existed in the usage of environment variables\r\nby the rsh binary. This issue was addressed by dropping setuid\r\nprivileges from the rsh binary.\r\nCVE-ID\r\nCVE-2015-5889 : Philip Pettersson\r\n\r\nremovefile\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Processing malicious data may lead to unexpected application\r\ntermination\r\nDescription: An overflow fault existed in the checkint division\r\nroutines. This issue was addressed with improved division routines.\r\nCVE-ID\r\nCVE-2015-5840 : an anonymous researcher\r\n\r\nRuby\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in Ruby\r\nDescription: Multiple vulnerabilities existed in Ruby versions prior\r\nto 2.0.0p645. These were addressed by updating Ruby to version\r\n2.0.0p645.\r\nCVE-ID\r\nCVE-2014-8080\r\nCVE-2014-8090\r\nCVE-2015-1855\r\n\r\nSecurity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: The lock state of the keychain may be incorrectly displayed\r\nto the user\r\nDescription: A state management issue existed in the way keychain\r\nlock status was tracked. This issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,\r\nEric E. Lawrence, Apple\r\n\r\nSecurity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A trust evaluation configured to require revocation checking\r\nmay succeed even if revocation checking fails\r\nDescription: The kSecRevocationRequirePositiveResponse flag was\r\nspecified but not implemented. This issue was addressed by\r\nimplementing the flag.\r\nCVE-ID\r\nCVE-2015-5894 : Hannes Oud of kWallet GmbH\r\n\r\nSecurity\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A remote server may prompt for a certificate before\r\nidentifying itself\r\nDescription: Secure Transport accepted the CertificateRequest\r\nmessage before the ServerKeyExchange message. This issue was\r\naddressed by requiring the ServerKeyExchange first.\r\nCVE-ID\r\nCVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\r\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\r\nINRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of\r\nMicrosoft Research, Pierre-Yves Strub of IMDEA Software Institute\r\n\r\nSMB\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5891 : Ilja van Sprundel of IOActive\r\n\r\nSMB\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An issue existed in SMBClient that led to the\r\ndisclosure of kernel memory content. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-5893 : Ilja van Sprundel of IOActive\r\n\r\nSQLite\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Multiple vulnerabilities in SQLite v3.8.5\r\nDescription: Multiple vulnerabilities existed in SQLite v3.8.5.\r\nThese issues were addressed by updating SQLite to version 3.8.10.2.\r\nCVE-ID\r\nCVE-2015-3414\r\nCVE-2015-3415\r\nCVE-2015-3416\r\n\r\nTelephony\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker can place phone calls without the user's\r\nknowledge when using Continuity\r\nDescription: An issue existed in the authorization checks for\r\nplacing phone calls. This issue was addressed through improved\r\nauthorization checks.\r\nCVE-ID\r\nCVE-2015-3785 : Dan Bastone of Gotham Digital Science\r\n\r\nTerminal\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Maliciously crafted text could mislead the user in Terminal\r\nDescription: Terminal did not handle bidirectional override\r\ncharacters in the same way when displaying text and when selecting\r\ntext. This issue was addressed by suppressing bidirectional override\r\ncharacters in Terminal.\r\nCVE-ID\r\nCVE-2015-5883 : an anonymous researcher\r\n\r\ntidy\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in tidy.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\r\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\r\n\r\nTime Machine\r\nAvailable for: Mac OS X v10.6.8 and later\r\nImpact: A local attacker may gain access to keychain items\r\nDescription: An issue existed in backups by the Time Machine\r\nframework. This issue was addressed through improved coverage of Time\r\nMachine backups.\r\nCVE-ID\r\nCVE-2015-5854 : Jonas Magazinius of Assured AB\r\n\r\nNote: OS X El Capitan 10.11 includes the security content of\r\nSafari 9: https://support.apple.com/kb/HT205265.\r\n\r\nOS X El Capitan 10.11 may be obtained from the Mac App Store:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "modified": "2015-10-05T00:00:00", "published": "2015-10-05T00:00:00", "id": "SECURITYVULNS:DOC:32522", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32522", "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Over 150 different vulnerabilities in system components and libraries.", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Code execution, information disclosure, restrictions bypass, multiple memory corruptions, multiple libraries vulnerabilities.", "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14702", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14702", "title": "Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:57:19", "bulletinFamily": "unix", "description": "PHP was updated to fix three security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-3330: Specially crafted PHAR files could, when executed under\n Apache httpd 2.4 (apache2handler), allow arbitrary code execution\n (bnc#928506)\n * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer overflow (bnc#928506)\n * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer over-read (bnc#928511)\n\n On openSUSE 13.2, the following bug was fixed:\n\n * boo#927147: php5-fpm did not start correctly\n\n", "modified": "2015-05-12T17:05:25", "published": "2015-05-12T17:05:25", "id": "OPENSUSE-SU-2015:0855-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html", "type": "suse", "title": "Security update for php5 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:37:53", "bulletinFamily": "unix", "description": "PHP was updated to fix ten security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2014-9709: A specially crafted GIF file could cause a buffer read\n overflow in php-gd (bnc#923946)\n * CVE-2015-2301: Memory was use after it was freed in PHAR (bnc#922022)\n * CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452)\n * CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451)\n * CVE-2015-2787: use-after-free vulnerability in the process_nested_data\n function (bnc#924972)\n * unserialize SoapClient type confusion (bnc#925109)\n * CVE-2015-2348: move_uploaded_file truncates a pathNAME upon encountering\n a x00 character (bnc#924970)\n * CVE-2015-3330: Specially crafted PHAR files could, when executed under\n Apache httpd 2.4 (apache2handler), allow arbitrary code execution\n (bnc#928506)\n * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer overflow (bnc#928506)\n * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of\n sensitive information due to a buffer over-read (bnc#928511)\n\n", "modified": "2015-05-13T15:07:04", "published": "2015-05-13T15:07:04", "id": "SUSE-SU-2015:0868-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html", "title": "Security update for php5 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296.\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "modified": "2016-06-21T13:08:17", "published": "2016-06-21T13:08:17", "id": "SUSE-SU-2016:1638-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "title": "Security update for php53 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:08", "bulletinFamily": "unix", "description": "It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files when a pathname contained a null character. A remote attacker could use this issue to possibly bypass filename restrictions. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. A remote attacker could use this issue to cause PHP to possibly expose sensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing certain objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-2787)", "modified": "2015-04-20T00:00:00", "published": "2015-04-20T00:00:00", "id": "USN-2572-1", "href": "https://usn.ubuntu.com/2572-1/", "title": "PHP vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:03", "bulletinFamily": "unix", "description": "Package : php5\nVersion : 5.3.3.1-7+squeeze26\nCVE ID : CVE-2014-9705 CVE-2015-0232 CVE-2015-2301 CVE-2015-2331\n CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330\n\nCVE-2014-9705\n Heap-based buffer overflow in the enchant_broker_request_dict\n function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x\n before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers\n to execute arbitrary code via vectors that trigger creation of\n multiple dictionaries.\n\nCVE-2015-0232\n The exif_process_unicode function in ext/exif/exif.c in PHP\n before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5\n allows remote attackers to execute arbitrary code or cause a\n denial of service (uninitialized pointer free and application\n crash) via crafted EXIF data in a JPEG image.\n\nCVE-2015-2301\n Use-after-free vulnerability in the phar_rename_archive function\n in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6\n allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via vectors that trigger an attempted\n renaming of a Phar archive to the name of an existing file.\n\nCVE-2015-2331\n Integer overflow in the _zip_cdir_new function in zip_dirent.c\n in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP\n before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and\n other products, allows remote attackers to cause a denial of\n service (application crash) or possibly execute arbitrary code\n via a ZIP archive that contains many entries, leading to a\n heap-based buffer overflow.\n\nCVE-2015-2783\n Buffer Over-read in unserialize when parsing Phar\n\nCVE-2015-2787\n Use-after-free vulnerability in the process_nested_data function\n in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x\n before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to\n execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function,\n a related issue to CVE-2015-0231.\n\nCVE-2015-3329\n Buffer Overflow when parsing tar/zip/phar in phar_set_inode)\n\nCVE-2015-3330\n PHP potential remote code execution with apache 2.4 apache2handler\n\nCVE-2015-temp-68819\n denial of service when processing a crafted file with Fileinfo\n\n", "modified": "2015-04-29T21:00:22", "published": "2015-04-29T21:00:22", "id": "DEBIAN:DLA-212-1:91793", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201504/msg00025.html", "title": "[SECURITY] [DLA 212-1] php5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:16", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3280-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 07, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2015-2783 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022 \n CVE-2015-4024 CVE-2015-4025 CVE-2015-4026\n\nMultiple vulnerabilities have been discovered in PHP:\n\nCVE-2015-4025 / CVE-2015-4026\n\n Multiple function didn't check for NULL bytes in path names.\n\nCVE-2015-4024\n\n Denial of service when processing multipart/form-data requests.\n\nCVE-2015-4022\n\n Integer overflow in the ftp_genlist() function may result in\n denial of service or potentially the execution of arbitrary code.\n\nCVE-2015-4021 CVE-2015-3329 CVE-2015-2783\n\n Multiple vulnerabilities in the phar extension may result in\n denial of service or potentially the execution of arbitrary code\n when processing malformed archives.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-06-07T17:07:13", "published": "2015-06-07T17:07:13", "id": "DEBIAN:DSA-3280-1:3B96E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00175.html", "title": "[SECURITY] [DSA 3280-1] php5 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:16", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA buffer overflow vulnerability was found in PHP's phar (PHP Archive) implementation. See <https://bugs.php.net/bug.php?id=69324> for more details. ([CVE-2015-2783 __](<https://access.redhat.com/security/cve/CVE-2015-2783>))\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. ([CVE-2015-2301 __](<https://access.redhat.com/security/cve/CVE-2015-2301>))\n\nA buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif() function to crash. ([CVE-2014-9709 __](<https://access.redhat.com/security/cve/CVE-2014-9709>))\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. ([CVE-2015-1352 __](<https://access.redhat.com/security/cve/CVE-2015-1352>))\n\nA buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-3329 __](<https://access.redhat.com/security/cve/CVE-2015-3329>))\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-mysqlnd-5.4.40-1.68.amzn1.i686 \n php54-xmlrpc-5.4.40-1.68.amzn1.i686 \n php54-devel-5.4.40-1.68.amzn1.i686 \n php54-pgsql-5.4.40-1.68.amzn1.i686 \n php54-enchant-5.4.40-1.68.amzn1.i686 \n php54-cli-5.4.40-1.68.amzn1.i686 \n php54-soap-5.4.40-1.68.amzn1.i686 \n php54-dba-5.4.40-1.68.amzn1.i686 \n php54-mysql-5.4.40-1.68.amzn1.i686 \n php54-ldap-5.4.40-1.68.amzn1.i686 \n php54-pdo-5.4.40-1.68.amzn1.i686 \n php54-recode-5.4.40-1.68.amzn1.i686 \n php54-tidy-5.4.40-1.68.amzn1.i686 \n php54-common-5.4.40-1.68.amzn1.i686 \n php54-process-5.4.40-1.68.amzn1.i686 \n php54-intl-5.4.40-1.68.amzn1.i686 \n php54-fpm-5.4.40-1.68.amzn1.i686 \n php54-snmp-5.4.40-1.68.amzn1.i686 \n php54-debuginfo-5.4.40-1.68.amzn1.i686 \n php54-5.4.40-1.68.amzn1.i686 \n php54-odbc-5.4.40-1.68.amzn1.i686 \n php54-embedded-5.4.40-1.68.amzn1.i686 \n php54-xml-5.4.40-1.68.amzn1.i686 \n php54-gd-5.4.40-1.68.amzn1.i686 \n php54-mcrypt-5.4.40-1.68.amzn1.i686 \n php54-mssql-5.4.40-1.68.amzn1.i686 \n php54-mbstring-5.4.40-1.68.amzn1.i686 \n php54-imap-5.4.40-1.68.amzn1.i686 \n php54-pspell-5.4.40-1.68.amzn1.i686 \n php54-bcmath-5.4.40-1.68.amzn1.i686 \n \n src: \n php54-5.4.40-1.68.amzn1.src \n \n x86_64: \n php54-mbstring-5.4.40-1.68.amzn1.x86_64 \n php54-dba-5.4.40-1.68.amzn1.x86_64 \n php54-soap-5.4.40-1.68.amzn1.x86_64 \n php54-pgsql-5.4.40-1.68.amzn1.x86_64 \n php54-xml-5.4.40-1.68.amzn1.x86_64 \n php54-devel-5.4.40-1.68.amzn1.x86_64 \n php54-tidy-5.4.40-1.68.amzn1.x86_64 \n php54-enchant-5.4.40-1.68.amzn1.x86_64 \n php54-common-5.4.40-1.68.amzn1.x86_64 \n php54-mysqlnd-5.4.40-1.68.amzn1.x86_64 \n php54-gd-5.4.40-1.68.amzn1.x86_64 \n php54-snmp-5.4.40-1.68.amzn1.x86_64 \n php54-odbc-5.4.40-1.68.amzn1.x86_64 \n php54-intl-5.4.40-1.68.amzn1.x86_64 \n php54-5.4.40-1.68.amzn1.x86_64 \n php54-debuginfo-5.4.40-1.68.amzn1.x86_64 \n php54-pdo-5.4.40-1.68.amzn1.x86_64 \n php54-process-5.4.40-1.68.amzn1.x86_64 \n php54-bcmath-5.4.40-1.68.amzn1.x86_64 \n php54-pspell-5.4.40-1.68.amzn1.x86_64 \n php54-xmlrpc-5.4.40-1.68.amzn1.x86_64 \n php54-fpm-5.4.40-1.68.amzn1.x86_64 \n php54-embedded-5.4.40-1.68.amzn1.x86_64 \n php54-recode-5.4.40-1.68.amzn1.x86_64 \n php54-mssql-5.4.40-1.68.amzn1.x86_64 \n php54-mcrypt-5.4.40-1.68.amzn1.x86_64 \n php54-ldap-5.4.40-1.68.amzn1.x86_64 \n php54-cli-5.4.40-1.68.amzn1.x86_64 \n php54-mysql-5.4.40-1.68.amzn1.x86_64 \n php54-imap-5.4.40-1.68.amzn1.x86_64 \n \n \n", "modified": "2015-06-15T14:29:00", "published": "2015-06-15T14:29:00", "id": "ALAS-2015-509", "href": "https://alas.aws.amazon.com/ALAS-2015-509.html", "title": "Important: php54", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:09", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. ([CVE-2015-1351 __](<https://access.redhat.com/security/cve/CVE-2015-1351>))\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. ([CVE-2015-1352 __](<https://access.redhat.com/security/cve/CVE-2015-1352>))\n\nA buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-3329 __](<https://access.redhat.com/security/cve/CVE-2015-3329>))\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php56-recode-5.6.8-1.111.amzn1.i686 \n php56-process-5.6.8-1.111.amzn1.i686 \n php56-opcache-5.6.8-1.111.amzn1.i686 \n php56-odbc-5.6.8-1.111.amzn1.i686 \n php56-common-5.6.8-1.111.amzn1.i686 \n php56-xmlrpc-5.6.8-1.111.amzn1.i686 \n php56-enchant-5.6.8-1.111.amzn1.i686 \n php56-intl-5.6.8-1.111.amzn1.i686 \n php56-bcmath-5.6.8-1.111.amzn1.i686 \n php56-mysqlnd-5.6.8-1.111.amzn1.i686 \n php56-ldap-5.6.8-1.111.amzn1.i686 \n php56-fpm-5.6.8-1.111.amzn1.i686 \n php56-cli-5.6.8-1.111.amzn1.i686 \n php56-devel-5.6.8-1.111.amzn1.i686 \n php56-soap-5.6.8-1.111.amzn1.i686 \n php56-gmp-5.6.8-1.111.amzn1.i686 \n php56-debuginfo-5.6.8-1.111.amzn1.i686 \n php56-tidy-5.6.8-1.111.amzn1.i686 \n php56-mssql-5.6.8-1.111.amzn1.i686 \n php56-imap-5.6.8-1.111.amzn1.i686 \n php56-mcrypt-5.6.8-1.111.amzn1.i686 \n php56-pdo-5.6.8-1.111.amzn1.i686 \n php56-5.6.8-1.111.amzn1.i686 \n php56-dba-5.6.8-1.111.amzn1.i686 \n php56-snmp-5.6.8-1.111.amzn1.i686 \n php56-dbg-5.6.8-1.111.amzn1.i686 \n php56-mbstring-5.6.8-1.111.amzn1.i686 \n php56-pgsql-5.6.8-1.111.amzn1.i686 \n php56-xml-5.6.8-1.111.amzn1.i686 \n php56-gd-5.6.8-1.111.amzn1.i686 \n php56-embedded-5.6.8-1.111.amzn1.i686 \n php56-pspell-5.6.8-1.111.amzn1.i686 \n \n src: \n php56-5.6.8-1.111.amzn1.src \n \n x86_64: \n php56-mbstring-5.6.8-1.111.amzn1.x86_64 \n php56-debuginfo-5.6.8-1.111.amzn1.x86_64 \n php56-ldap-5.6.8-1.111.amzn1.x86_64 \n php56-bcmath-5.6.8-1.111.amzn1.x86_64 \n php56-pdo-5.6.8-1.111.amzn1.x86_64 \n php56-snmp-5.6.8-1.111.amzn1.x86_64 \n php56-mssql-5.6.8-1.111.amzn1.x86_64 \n php56-tidy-5.6.8-1.111.amzn1.x86_64 \n php56-pgsql-5.6.8-1.111.amzn1.x86_64 \n php56-mysqlnd-5.6.8-1.111.amzn1.x86_64 \n php56-cli-5.6.8-1.111.amzn1.x86_64 \n php56-mcrypt-5.6.8-1.111.amzn1.x86_64 \n php56-dbg-5.6.8-1.111.amzn1.x86_64 \n php56-xml-5.6.8-1.111.amzn1.x86_64 \n php56-process-5.6.8-1.111.amzn1.x86_64 \n php56-intl-5.6.8-1.111.amzn1.x86_64 \n php56-odbc-5.6.8-1.111.amzn1.x86_64 \n php56-enchant-5.6.8-1.111.amzn1.x86_64 \n php56-gmp-5.6.8-1.111.amzn1.x86_64 \n php56-xmlrpc-5.6.8-1.111.amzn1.x86_64 \n php56-embedded-5.6.8-1.111.amzn1.x86_64 \n php56-dba-5.6.8-1.111.amzn1.x86_64 \n php56-gd-5.6.8-1.111.amzn1.x86_64 \n php56-imap-5.6.8-1.111.amzn1.x86_64 \n php56-devel-5.6.8-1.111.amzn1.x86_64 \n php56-recode-5.6.8-1.111.amzn1.x86_64 \n php56-opcache-5.6.8-1.111.amzn1.x86_64 \n php56-soap-5.6.8-1.111.amzn1.x86_64 \n php56-common-5.6.8-1.111.amzn1.x86_64 \n php56-fpm-5.6.8-1.111.amzn1.x86_64 \n php56-pspell-5.6.8-1.111.amzn1.x86_64 \n php56-5.6.8-1.111.amzn1.x86_64 \n \n \n", "modified": "2015-06-15T14:29:00", "published": "2015-06-15T14:29:00", "id": "ALAS-2015-511", "href": "https://alas.aws.amazon.com/ALAS-2015-511.html", "title": "Low: php56", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:08", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. ([CVE-2015-1351 __](<https://access.redhat.com/security/cve/CVE-2015-1351>))\n\nA NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pg_insert() or pg_select() could cause a PHP application to crash. ([CVE-2015-1352 __](<https://access.redhat.com/security/cve/CVE-2015-1352>))\n\nA buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-3329 __](<https://access.redhat.com/security/cve/CVE-2015-3329>))\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php55-tidy-5.5.24-1.100.amzn1.i686 \n php55-process-5.5.24-1.100.amzn1.i686 \n php55-snmp-5.5.24-1.100.amzn1.i686 \n php55-enchant-5.5.24-1.100.amzn1.i686 \n php55-opcache-5.5.24-1.100.amzn1.i686 \n php55-mssql-5.5.24-1.100.amzn1.i686 \n php55-pgsql-5.5.24-1.100.amzn1.i686 \n php55-gmp-5.5.24-1.100.amzn1.i686 \n php55-xml-5.5.24-1.100.amzn1.i686 \n php55-ldap-5.5.24-1.100.amzn1.i686 \n php55-debuginfo-5.5.24-1.100.amzn1.i686 \n php55-mysqlnd-5.5.24-1.100.amzn1.i686 \n php55-dba-5.5.24-1.100.amzn1.i686 \n php55-odbc-5.5.24-1.100.amzn1.i686 \n php55-devel-5.5.24-1.100.amzn1.i686 \n php55-common-5.5.24-1.100.amzn1.i686 \n php55-imap-5.5.24-1.100.amzn1.i686 \n php55-recode-5.5.24-1.100.amzn1.i686 \n php55-mbstring-5.5.24-1.100.amzn1.i686 \n php55-pdo-5.5.24-1.100.amzn1.i686 \n php55-pspell-5.5.24-1.100.amzn1.i686 \n php55-gd-5.5.24-1.100.amzn1.i686 \n php55-bcmath-5.5.24-1.100.amzn1.i686 \n php55-5.5.24-1.100.amzn1.i686 \n php55-xmlrpc-5.5.24-1.100.amzn1.i686 \n php55-intl-5.5.24-1.100.amzn1.i686 \n php55-embedded-5.5.24-1.100.amzn1.i686 \n php55-mcrypt-5.5.24-1.100.amzn1.i686 \n php55-soap-5.5.24-1.100.amzn1.i686 \n php55-cli-5.5.24-1.100.amzn1.i686 \n php55-fpm-5.5.24-1.100.amzn1.i686 \n \n src: \n php55-5.5.24-1.100.amzn1.src \n \n x86_64: \n php55-dba-5.5.24-1.100.amzn1.x86_64 \n php55-mysqlnd-5.5.24-1.100.amzn1.x86_64 \n php55-process-5.5.24-1.100.amzn1.x86_64 \n php55-cli-5.5.24-1.100.amzn1.x86_64 \n php55-imap-5.5.24-1.100.amzn1.x86_64 \n php55-mcrypt-5.5.24-1.100.amzn1.x86_64 \n php55-embedded-5.5.24-1.100.amzn1.x86_64 \n php55-snmp-5.5.24-1.100.amzn1.x86_64 \n php55-intl-5.5.24-1.100.amzn1.x86_64 \n php55-common-5.5.24-1.100.amzn1.x86_64 \n php55-gmp-5.5.24-1.100.amzn1.x86_64 \n php55-ldap-5.5.24-1.100.amzn1.x86_64 \n php55-pdo-5.5.24-1.100.amzn1.x86_64 \n php55-fpm-5.5.24-1.100.amzn1.x86_64 \n php55-bcmath-5.5.24-1.100.amzn1.x86_64 \n php55-tidy-5.5.24-1.100.amzn1.x86_64 \n php55-opcache-5.5.24-1.100.amzn1.x86_64 \n php55-enchant-5.5.24-1.100.amzn1.x86_64 \n php55-mbstring-5.5.24-1.100.amzn1.x86_64 \n php55-devel-5.5.24-1.100.amzn1.x86_64 \n php55-gd-5.5.24-1.100.amzn1.x86_64 \n php55-debuginfo-5.5.24-1.100.amzn1.x86_64 \n php55-soap-5.5.24-1.100.amzn1.x86_64 \n php55-xmlrpc-5.5.24-1.100.amzn1.x86_64 \n php55-pgsql-5.5.24-1.100.amzn1.x86_64 \n php55-pspell-5.5.24-1.100.amzn1.x86_64 \n php55-5.5.24-1.100.amzn1.x86_64 \n php55-xml-5.5.24-1.100.amzn1.x86_64 \n php55-mssql-5.5.24-1.100.amzn1.x86_64 \n php55-recode-5.5.24-1.100.amzn1.x86_64 \n php55-odbc-5.5.24-1.100.amzn1.x86_64 \n \n \n", "modified": "2015-06-15T14:29:00", "published": "2015-06-15T14:29:00", "id": "ALAS-2015-510", "href": "https://alas.aws.amazon.com/ALAS-2015-510.html", "title": "Low: php55", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:15", "bulletinFamily": "bugbounty", "bounty": 1000.0, "description": "https://bugs.php.net/bug.php?id=69441\n\nMultiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.", "modified": "2015-04-14T00:00:00", "published": "2015-04-14T00:00:00", "id": "H1:73237", "href": "https://hackerone.com/reports/73237", "title": "PHP (IBB): Buffer Over flow when parsing tar/zip/phar in phar_set_inode", "type": "hackerone", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:39:15", "bulletinFamily": "bugbounty", "bounty": 1000.0, "description": "https://bugs.php.net/bug.php?id=69324\n\next/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.", "modified": "2015-04-14T00:00:00", "published": "2015-03-29T00:00:00", "id": "H1:73238", "href": "https://hackerone.com/reports/73238", "title": "PHP (IBB): Buffer Over-read in unserialize when parsing Phar", "type": "hackerone", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:37:12", "bulletinFamily": "unix", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.\n This update fixes some security issues.\n Please note that this package build also moves the configuration files\n from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2015-04-21T18:22:40", "published": "2015-04-21T18:22:40", "id": "SSA-2015-111-10", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.429606", "title": "php", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "description": "- CVE-2015-1351 (denial of service)\n\nUse-after-free vulnerability in the _zend_shared_memdup function in\nzend_shared_alloc.c in the OPcache extension allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via\nunknown vectors.\n\n- CVE-2015-1352 (denial of service)\n\nThe build_tablename function in pgsql.c in the PostgreSQL (aka pgsql)\nextension does not validate token extraction for table names, which\nallows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted name.\n\n- CVE-2015-2783 (out-of-bounds read)\n\nThe vulnerability can be triggered when parsing a PHAR file at\nphar.c:623. The "buf_len" is obtained from the phar file and passed into\nphp_var_unserialize() as the max argument. Under normal\nphp_var_unserialize() circumstances, YYCURSOR will always be <= max.\nThis however can be bypassed when processing a malform phar with a\nbuf_len that is shorter then the string to be unserialized resulting in\na memory info leak.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html", "id": "ASA-201504-14", "title": "php: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:53", "bulletinFamily": "unix", "description": "[5.5.21-4]\n- fix more functions accept paths with NUL character #1213407\n[5.5.21-3]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- pgsql: fix NULL pointer dereference CVE-2015-1352\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330", "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1186", "href": "http://linux.oracle.com/errata/ELSA-2015-1186.html", "title": "php55-php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:09", "bulletinFamily": "unix", "description": "php54\n[2.0-1]\n- fix incorrect selinux contexts #1194332\nphp54-php\n[5.4.40-1]\n- rebase to PHP 5.4.40 for various security fix #1209887\n[5.4.37-1]\n- rebase to PHP 5.4.37\n[5.4.36-1]\n- rebase to PHP 5.4.36 #1168193\n- fix package name in description\n- php-fpm own session dir\nphp54-php-pecl-zendopcache\n[7.0.4-3]\n- fix use after free CVE-2015-1351\n[7.0.4-2]\n- add upstream patch for failed test\n[7.0.4-1]\n- Update to 7.0.4\n[7.0.3-1]\n- update to 7.0.3 #1055927", "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1066", "href": "http://linux.oracle.com/errata/ELSA-2015-1066.html", "title": "php54 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:18", "bulletinFamily": "unix", "description": "[5.3.3-46]\n- fix gzfile accept paths with NUL character #1213407\n- fix patch for CVE-2015-4024\n[5.3.3-45]\n- fix more functions accept paths with NUL character #1213407\n[5.3.3-44]\n- soap: missing fix for #1222538 and #1204868\n[5.3.3-43]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4026, #1213407\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: more fix type confusion through unserialize #1222538\n[5.3.3-42]\n- soap: more fix type confusion through unserialize #1204868\n[5.3.3-41]\n- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425\n- core: fix use-after-free in unserialize CVE-2015-2787\n- exif: fix free on unitialized pointer CVE-2015-0232\n- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709\n- date: fix use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize", "modified": "2015-07-09T00:00:00", "published": "2015-07-09T00:00:00", "id": "ELSA-2015-1218", "href": "http://linux.oracle.com/errata/ELSA-2015-1218.html", "title": "php security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:20", "bulletinFamily": "unix", "description": "[5.4.16-36]\n- fix more functions accept paths with NUL character #1213407\n[5.4.16-35]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330\n[5.4.16-34]\n- fix memory corruption in fileinfo module on big endian\n machines #1082624\n- fix segfault in pdo_odbc on x86_64 #1159892\n- fix segfault in gmp allocator #1154760\n[5.4.16-33]\n- core: use after free vulnerability in unserialize()\n CVE-2014-8142 and CVE-2015-0231\n- core: fix use-after-free in unserialize CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- exif: free called on unitialized pointer CVE-2015-0232\n- fileinfo: fix out of bounds read in mconvert CVE-2014-9652\n- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize\n[5.4.16-31]\n- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710\n[5.4.16-29]\n- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668\n- core: fix integer overflow in unserialize() CVE-2014-3669\n- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670\n[5.4.16-27]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). CVE-2014-3597\n[5.4.16-25]\n- fix segfault after startup on aarch64 (#1107567)\n- compile php with -O3 on ppc64le (#1123499)", "modified": "2015-06-23T00:00:00", "published": "2015-06-23T00:00:00", "id": "ELSA-2015-1135", "href": "http://linux.oracle.com/errata/ELSA-2015-1135.html", "title": "php security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:11", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll php55-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-13T01:28:16", "published": "2015-06-25T04:00:00", "id": "RHSA-2015:1186", "href": "https://access.redhat.com/errata/RHSA-2015:1186", "type": "redhat", "title": "(RHSA-2015:1186) Important: php55-php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:26", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php54 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a\nnumber of additional utilities.\n\nThe php54 packages have been upgraded to upstream version 5.4.40, which\nprovides a number of bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1168193)\n\nThe following security issues were fixed in the php54-php component:\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP's regular expression\nextension. An attacker able to make PHP process a specially crafted regular\nexpression pattern could cause it to crash and possibly execute arbitrary\ncode. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA use-after-free flaw was found in PHP's phar (PHP Archive) extension.\nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2015-2301)\n\nAn ouf-of-bounds read flaw was found in the way the File Information\n(fileinfo) extension processed certain Pascal strings. A remote attacker\ncould cause a PHP application to crash if it used fileinfo to identify the\ntype of the attacker-supplied file. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. A remote attacker could possibly use this\nflaw to make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. A specially crafted PHP file could cause PHP CGI to crash.\n(CVE-2014-9427)\n\nThe following security issue was fixed in the php54-php-pecl-zendopcache\ncomponent:\n\nA use-after-free flaw was found in PHP's OPcache extension. This flaw could\npossibly lead to a disclosure of a portion of the server memory.\n(CVE-2015-1351)\n\nAll php54 users are advised to upgrade to these updated packages, which\ncorrect these issues. After installing the updated packages, the httpd\nservice must be restarted for the update to take effect.\n", "modified": "2018-06-13T01:28:17", "published": "2015-06-04T04:00:00", "id": "RHSA-2015:1066", "href": "https://access.redhat.com/errata/RHSA-2015:1066", "type": "redhat", "title": "(RHSA-2015:1066) Important: php54 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T21:41:47", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-13T01:28:27", "published": "2015-06-25T04:00:00", "id": "RHSA-2015:1187", "href": "https://access.redhat.com/errata/RHSA-2015:1187", "type": "redhat", "title": "(RHSA-2015:1187) Important: rh-php56-php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:45", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-04-12T03:33:12", "published": "2015-06-23T04:00:00", "id": "RHSA-2015:1135", "href": "https://access.redhat.com/errata/RHSA-2015:1135", "type": "redhat", "title": "(RHSA-2015:1135) Important: php security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:20", "bulletinFamily": "unix", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T08:58:11", "published": "2015-07-09T04:00:00", "id": "RHSA-2015:1218", "href": "https://access.redhat.com/errata/RHSA-2015:1218", "type": "redhat", "title": "(RHSA-2015:1218) Moderate: php security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:42", "bulletinFamily": "unix", "description": "\nThe PHP project reports:\n\nThe PHP development team announces the immediate\n\t availability of PHP 5.4.40. 14 security-related\n\t bugs were fixed in this release, including\n\t CVE-2014-9709, CVE-2015-2301, CVE-2015-2783,\n\t CVE-2015-1352. All PHP 5.4 users are encouraged to\n\t upgrade to this version.\nThe PHP development team announces the immediate\n\t availability of PHP 5.5.24. Several bugs have been\n\t fixed, some of them being security related, like\n\t CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users\n\t are encouraged to upgrade to this version.\nThe PHP development team announces the immediate\n\t availability of PHP 5.6.8. Several bugs have been\n\t fixed, some of them being security related, like\n\t CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users\n\t are encouraged to upgrade to this version.\n\n", "modified": "2015-05-22T00:00:00", "published": "2015-04-16T00:00:00", "id": "1E232A0C-EB57-11E4-B595-4061861086C1", "href": "https://vuxml.freebsd.org/freebsd/1e232a0c-eb57-11e4-b595-4061861086c1.html", "title": "Several vulnerabilities found in PHP", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker can possibly execute arbitrary code or create a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.6.19\"", "modified": "2016-06-19T00:00:00", "published": "2016-06-19T00:00:00", "id": "GLSA-201606-10", "href": "https://security.gentoo.org/glsa/201606-10", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:04", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1135\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021191.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1135.html", "modified": "2015-06-24T03:28:02", "published": "2015-06-24T03:28:02", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021191.html", "id": "CESA-2015:1135", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:33", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1218\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1218.html", "modified": "2015-07-09T19:23:41", "published": "2015-07-09T19:23:41", "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html", "id": "CESA-2015:1218", "title": "php security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}