DATABASE RESOURCES PRICING ABOUT US

{"id": "UB:CVE-2021-21706", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-21706", "description": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below\n8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be\ntricked into writing a file outside target directory when extracting a ZIP\nfile, thus potentially causing files to be created or overwritten, subject\nto OS permissions.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Affects Windows\n", "published": "2021-10-04T00:00:00", "modified": "2021-10-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2021-21706", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21706", "https://bugs.php.net/bug.php?id=81420", "https://nvd.nist.gov/vuln/detail/CVE-2021-21706", "https://launchpad.net/bugs/cve/CVE-2021-21706", "https://security-tracker.debian.org/tracker/CVE-2021-21706"], "cvelist": ["CVE-2021-21706"], "immutableFields": [], "lastseen": "2022-08-04T13:15:25", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-21706"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21706"]}, {"type": "nessus", "idList": ["PHP_7_3_31.NASL", "PHP_7_4_24.NASL", "PHP_8_1_0.NASL", "WEB_APPLICATION_SCANNING_112984", "WEB_APPLICATION_SCANNING_112985", "WEB_APPLICATION_SCANNING_112986"]}, {"type": "veracode", "idList": ["VERACODE:32240"]}]}, "score": {"value": 4.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-21706"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21706"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_112984", "WEB_APPLICATION_SCANNING_112985", "WEB_APPLICATION_SCANNING_112986"]}]}, "exploitation": null, "vulnersScore": 4.4}, "_state": {"dependencies": 1660004461, "score": 1659915622}, "_internal": {"score_hash": "1497951a85fbb62bcead822d417430d0"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "php5"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "php7.0"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "php7.2"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "php7.4"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "php8.0"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "php8.1"}], "bugs": []}

{"nessus": [{"lastseen": "2023-01-11T14:54:41", "description": "According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.31, 7.4.x prior to 7.4.24, or 8.x prior to 8.0.11. It is, therefore, affected by a path traversal via ZipArchive::extractTo().\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T00:00:00", "type": "nessus", "title": "PHP 8.x < 8.0.11 Path Traversal", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112984", "href": "https://www.tenable.com/plugins/was/112984", "sourceData": "No source data", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:54:41", "description": "According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.31, 7.4.x prior to 7.4.24, or 8.x prior to 8.0.11. It is, therefore, affected by a path traversal via ZipArchive::extractTo().\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T00:00:00", "type": "nessus", "title": "PHP 7.4.x < 7.4.24 Path Traversal", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112985", "href": "https://www.tenable.com/plugins/was/112985", "sourceData": "No source data", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:54:42", "description": "According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.31, 7.4.x prior to 7.4.24, or 8.x prior to 8.0.11. It is, therefore, affected by a path traversal via ZipArchive::extractTo().\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.31 Path Traversal", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112986", "href": "https://www.tenable.com/plugins/was/112986", "sourceData": "No source data", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-26T14:49:43", "description": "The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "PHP 7.4.x < 7.4.24 Arbitrary File Write", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_4_24.NASL", "href": "https://www.tenable.com/plugins/nessus/154656", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154656);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-21706\");\n script_xref(name:\"IAVA\", value:\"2021-A-0503-S\");\n\n script_name(english:\"PHP 7.4.x < 7.4.24 Arbitrary File Write\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version PHP running on the remote web server is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a\nvulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo\nmay be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files\nto be created or overwritten, subject to OS permissions.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.php.net/81420\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.4.24\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.4.24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21706\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar os = get_kb_item_or_exit(\"Host/OS\");\nif (tolower(os) !~ 'windows')\n audit(AUDIT_OS_NOT, 'Windows');\n\nvar port = get_http_port(default:80, php:TRUE);\nvar app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nvar backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nvar constraints = [\n { 'min_version' : '7.4.0alpha1', 'fixed_version' : '7.4.24' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-26T14:50:09", "description": "The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a vulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "PHP 7.3.x < 7.3.31 Arbitrary File Write", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_3_31.NASL", "href": "https://www.tenable.com/plugins/nessus/154650", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154650);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-21706\");\n script_xref(name:\"IAVA\", value:\"2021-A-0503-S\");\n\n script_name(english:\"PHP 7.3.x < 7.3.31 Arbitrary File Write\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version PHP running on the remote web server is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a\nvulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo\nmay be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files\nto be created or overwritten, subject to OS permissions.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.php.net/81420\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.3.31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.3.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21706\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar os = get_kb_item_or_exit(\"Host/OS\");\nif (tolower(os) !~ 'windows')\n audit(AUDIT_OS_NOT, 'Windows');\n\nvar port = get_http_port(default:80, php:TRUE);\nvar app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nvar backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nvar constraints = [\n { 'min_version' : '7.3.0alpha1', 'fixed_version' : '7.3.31' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-26T14:51:29", "description": "The version of PHP installed on the remote host is prior to 8.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.0 advisory.\n\n - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower- privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.\n (CVE-2021-21703)\n\n - In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. (CVE-2021-21706)\n\n - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. (CVE-2021-21707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-30T00:00:00", "type": "nessus", "title": "PHP 8.1.x < 8.1.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21703", "CVE-2021-21706", "CVE-2021-21707"], "modified": "2022-10-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_8_1_0.NASL", "href": "https://www.tenable.com/plugins/nessus/155730", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155730);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/11\");\n\n script_cve_id(\"CVE-2021-21703\", \"CVE-2021-21706\", \"CVE-2021-21707\");\n script_xref(name:\"IAVA\", value:\"2021-A-0566\");\n script_xref(name:\"IAVA\", value:\"2021-A-0503-S\");\n\n script_name(english:\"PHP 8.1.x < 8.1.0 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version PHP running on the remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PHP installed on the remote host is prior to 8.1.0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the Version 8.1.0 advisory.\n\n - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running\n PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-\n privileged users, it is possible for the child processes to access memory shared with the main process and\n write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and\n writes, which can be used to escalate privileges from local unprivileged user to the root user.\n (CVE-2021-21703)\n\n - In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows\n environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when\n extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS\n permissions. (CVE-2021-21706)\n\n - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing\n functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains\n URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus\n interpreting the filename differently from what the user intended, which may lead it to reading a\n different file than intended. (CVE-2021-21707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.php.net/79971\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.php.net/81026\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.php.net/81420\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-8.php#8.1.0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 8.1.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21703\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:80, php:TRUE);\nvar app_info = vcf::get_app_info(app:'PHP', port:port, webapp:TRUE);\n\nvar backported = get_kb_item('www/php/' + port + '/' + app_info.version + '/backported');\nif ((report_paranoia < 2) && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, 'PHP ' + app_info.version + ' install');\n\nvar constraints = [\n { 'min_version' : '8.1.0alpha1', 'fixed_version' : '8.1.0' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T03:29:12", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4069-1 advisory.\n\n - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. (CVE-2017-8923)\n\n - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. (CVE-2020-7068)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. (CVE-2020-7069)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like\n __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. (CVE-2020-7070)\n\n - In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. (CVE-2020-7071)\n\n - In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. (CVE-2021-21702)\n\n - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower- privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.\n (CVE-2021-21703)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.\n (CVE-2021-21704)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.\n (CVE-2021-21705)\n\n - In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. (CVE-2021-21706)\n\n - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. (CVE-2021-21707)\n\n - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.\n (CVE-2021-21708)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. (CVE-2022-31625)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. (CVE-2022-31626)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. (CVE-2022-31629)\n\n - In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. (CVE-2022-31630)\n\n - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.\n This occurs in the sponge function interface. (CVE-2022-37454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2022:4069-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8923", "CVE-2020-7068", "CVE-2020-7069", "CVE-2020-7070", "CVE-2020-7071", "CVE-2020-8184", "CVE-2021-21702", "CVE-2021-21703", "CVE-2021-21704", "CVE-2021-21705", "CVE-2021-21706", "CVE-2021-21707", "CVE-2021-21708", "CVE-2022-31625", "CVE-2022-31626", "CVE-2022-31628", "CVE-2022-31629", "CVE-2022-31630", "CVE-2022-37454"], "modified": "2023-01-20T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:apache2-mod_php7:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-bcmath:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-bz2:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-calendar:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-ctype:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-curl:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-dba:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-dom:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-enchant:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-exif:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-fastcgi:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-fileinfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-fpm:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-ftp:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-gd:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-gettext:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-gmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-iconv:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-intl:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-json:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-ldap:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-mbstring:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-mysql:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-odbc:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-opcache:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-openssl:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-pcntl:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-pdo:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-pgsql:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-phar:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-posix:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-shmop:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-snmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-soap:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-sockets:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-sqlite:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-sysvmsg:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-sysvsem:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-sysvshm:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-tokenizer:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-xmlreader:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-xmlrpc:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-xmlwriter:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-xsl:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-zip:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-zlib:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-embed:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-readline:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-sodium:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:php7-tidy:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-4069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167937", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4069-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167937);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\n \"CVE-2017-8923\",\n \"CVE-2020-7068\",\n \"CVE-2020-7069\",\n \"CVE-2020-7070\",\n \"CVE-2020-7071\",\n \"CVE-2021-21702\",\n \"CVE-2021-21703\",\n \"CVE-2021-21704\",\n \"CVE-2021-21705\",\n \"CVE-2021-21706\",\n \"CVE-2021-21707\",\n \"CVE-2021-21708\",\n \"CVE-2022-31625\",\n \"CVE-2022-31626\",\n \"CVE-2022-31628\",\n \"CVE-2022-31629\",\n \"CVE-2022-31630\",\n \"CVE-2022-37454\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4069-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0009-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0455-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0445-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0397\");\n script_xref(name:\"IAVA\", value:\"2021-A-0082-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0515-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0566\");\n script_xref(name:\"IAVA\", value:\"2021-A-0503-S\");\n script_xref(name:\"IAVB\", value:\"2017-B-0060-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2022:4069-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:4069-1 advisory.\n\n - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to\n string objects that result in a negative length, which allows remote attackers to cause a denial of\n service (application crash) or possibly have unspecified other impact by leveraging a script's use of .=\n with a long string. (CVE-2017-8923)\n\n - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files\n using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to\n a crash or information disclosure. (CVE-2020-7068)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used\n with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can\n lead to both decreased security and incorrect encryption data. (CVE-2020-7069)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing\n incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like\n __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge\n cookie which is supposed to be secure. See also CVE-2020-8184 for more information. (CVE-2020-7070)\n\n - In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like\n filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may\n lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components\n of the URL. (CVE-2020-7071)\n\n - In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to\n connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would\n cause PHP to access a null pointer and thus cause a crash. (CVE-2021-21702)\n\n - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running\n PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-\n privileged users, it is possible for the child processes to access memory shared with the main process and\n write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and\n writes, which can be used to escalate privileges from local unprivileged user to the root user.\n (CVE-2021-21703)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO\n driver extension, a malicious database server could cause crashes in various database functions, such as\n getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed\n correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.\n (CVE-2021-21704)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation\n functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password\n field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially\n leading to other security implications - like contacting a wrong server or making a wrong access decision.\n (CVE-2021-21705)\n\n - In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows\n environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when\n extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS\n permissions. (CVE-2021-21706)\n\n - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing\n functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains\n URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus\n interpreting the filename differently from what the user intended, which may lead it to reading a\n different file than intended. (CVE-2021-21707)\n\n - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions\n with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to\n trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of\n other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.\n (CVE-2021-21708)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres\n database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to\n free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of\n service. (CVE-2022-31625)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension\n with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the\n connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote\n code execution vulnerability. (CVE-2022-31626)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress\n quines gzip files, resulting in an infinite loop. (CVE-2022-31628)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site\n attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or\n `__Secure-` cookie by PHP applications. (CVE-2022-31629)\n\n - In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension,\n it is possible to supply a specially crafted font file, such as if the loaded font is used with\n imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or\n disclosure of confidential information. (CVE-2022-31630)\n\n - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer\n overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.\n This occurs in the sponge function interface. (CVE-2022-37454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204979\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012985.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d37461b9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-8923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-37454\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8923\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-37454\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^((SLE(S|D)|SUSE)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-mod_php7-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-bcmath-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-bz2-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-calendar-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-ctype-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-curl-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-dba-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-devel-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-dom-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-enchant-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-exif-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-fpm-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-ftp-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-gd-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-gettext-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-gmp-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-iconv-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-intl-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-json-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-ldap-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-mbstring-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-mysql-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-odbc-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-opcache-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-openssl-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-pcntl-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-pdo-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-pgsql-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-phar-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-posix-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-readline-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-shmop-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-snmp-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-soap-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sockets-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sodium-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sqlite-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-tidy-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-xsl-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-zip-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-zlib-7.4.33-150200.3.46.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'php7-embed-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'php7-embed-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-packagehub-subpackages-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-mod_php7-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-bcmath-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-bz2-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-calendar-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-ctype-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-curl-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-dba-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-devel-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-dom-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-embed-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-enchant-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-exif-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-fastcgi-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-fileinfo-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-firebird-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-fpm-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-ftp-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-gd-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-gettext-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-gmp-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-iconv-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-intl-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-json-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-ldap-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-mbstring-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-mysql-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-odbc-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-opcache-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-openssl-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-pcntl-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-pdo-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-pgsql-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-phar-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-posix-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-readline-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-shmop-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-snmp-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-soap-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-sockets-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-sodium-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-sqlite-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-sysvmsg-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-sysvsem-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-sysvshm-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-test-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-tidy-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-tokenizer-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-xmlreader-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-xmlrpc-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-xmlwriter-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-xsl-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-zip-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-zlib-7.4.33-150200.3.46.2', 'sp':'3', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'php7-firebird-7.4.33-150200.3.46.2', 'sp':'4', 'release':'SUSE15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-14T03:17:34", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4068-1 advisory.\n\n - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. (CVE-2017-8923)\n\n - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. (CVE-2020-7068)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. (CVE-2020-7069)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like\n __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. (CVE-2020-7070)\n\n - In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. (CVE-2020-7071)\n\n - In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. (CVE-2021-21702)\n\n - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower- privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.\n (CVE-2021-21703)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.\n (CVE-2021-21704)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.\n (CVE-2021-21705)\n\n - In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. (CVE-2021-21706)\n\n - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. (CVE-2021-21707)\n\n - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.\n (CVE-2021-21708)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. (CVE-2022-31625)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. (CVE-2022-31626)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. (CVE-2022-31629)\n\n - In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. (CVE-2022-31630)\n\n - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.\n This occurs in the sponge function interface. (CVE-2022-37454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php74 (SUSE-SU-2022:4068-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8923", "CVE-2020-7068", "CVE-2020-7069", "CVE-2020-7070", "CVE-2020-7071", "CVE-2020-8184", "CVE-2021-21702", "CVE-2021-21703", "CVE-2021-21704", "CVE-2021-21705", "CVE-2021-21706", "CVE-2021-21707", "CVE-2021-21708", "CVE-2022-31625", "CVE-2022-31626", "CVE-2022-31628", "CVE-2022-31629", "CVE-2022-31630", "CVE-2022-37454"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php74", "p-cpe:/a:novell:suse_linux:php74", "p-cpe:/a:novell:suse_linux:php74-bcmath", "p-cpe:/a:novell:suse_linux:php74-bz2", "p-cpe:/a:novell:suse_linux:php74-calendar", "p-cpe:/a:novell:suse_linux:php74-ctype", "p-cpe:/a:novell:suse_linux:php74-curl", "p-cpe:/a:novell:suse_linux:php74-dba", "p-cpe:/a:novell:suse_linux:php74-devel", "p-cpe:/a:novell:suse_linux:php74-dom", "p-cpe:/a:novell:suse_linux:php74-enchant", "p-cpe:/a:novell:suse_linux:php74-exif", "p-cpe:/a:novell:suse_linux:php74-fastcgi", "p-cpe:/a:novell:suse_linux:php74-fileinfo", "p-cpe:/a:novell:suse_linux:php74-fpm", "p-cpe:/a:novell:suse_linux:php74-ftp", "p-cpe:/a:novell:suse_linux:php74-gd", "p-cpe:/a:novell:suse_linux:php74-gettext", "p-cpe:/a:novell:suse_linux:php74-gmp", "p-cpe:/a:novell:suse_linux:php74-iconv", "p-cpe:/a:novell:suse_linux:php74-intl", "p-cpe:/a:novell:suse_linux:php74-json", "p-cpe:/a:novell:suse_linux:php74-ldap", "p-cpe:/a:novell:suse_linux:php74-mbstring", "p-cpe:/a:novell:suse_linux:php74-mysql", "p-cpe:/a:novell:suse_linux:php74-odbc", "p-cpe:/a:novell:suse_linux:php74-opcache", "p-cpe:/a:novell:suse_linux:php74-openssl", "p-cpe:/a:novell:suse_linux:php74-pcntl", "p-cpe:/a:novell:suse_linux:php74-pdo", "p-cpe:/a:novell:suse_linux:php74-pgsql", "p-cpe:/a:novell:suse_linux:php74-phar", "p-cpe:/a:novell:suse_linux:php74-posix", "p-cpe:/a:novell:suse_linux:php74-readline", "p-cpe:/a:novell:suse_linux:php74-shmop", "p-cpe:/a:novell:suse_linux:php74-snmp", "p-cpe:/a:novell:suse_linux:php74-soap", "p-cpe:/a:novell:suse_linux:php74-sockets", "p-cpe:/a:novell:suse_linux:php74-sodium", "p-cpe:/a:novell:suse_linux:php74-sqlite", "p-cpe:/a:novell:suse_linux:php74-sysvmsg", "p-cpe:/a:novell:suse_linux:php74-sysvsem", "p-cpe:/a:novell:suse_linux:php74-sysvshm", "p-cpe:/a:novell:suse_linux:php74-tidy", "p-cpe:/a:novell:suse_linux:php74-tokenizer", "p-cpe:/a:novell:suse_linux:php74-xmlreader", "p-cpe:/a:novell:suse_linux:php74-xmlrpc", "p-cpe:/a:novell:suse_linux:php74-xmlwriter", "p-cpe:/a:novell:suse_linux:php74-xsl", "p-cpe:/a:novell:suse_linux:php74-zip", "p-cpe:/a:novell:suse_linux:php74-zlib", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-4068-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167963", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4068-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167963);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2017-8923\",\n \"CVE-2020-7068\",\n \"CVE-2020-7069\",\n \"CVE-2020-7070\",\n \"CVE-2020-7071\",\n \"CVE-2021-21702\",\n \"CVE-2021-21703\",\n \"CVE-2021-21704\",\n \"CVE-2021-21705\",\n \"CVE-2021-21706\",\n \"CVE-2021-21707\",\n \"CVE-2021-21708\",\n \"CVE-2022-31625\",\n \"CVE-2022-31626\",\n \"CVE-2022-31628\",\n \"CVE-2022-31629\",\n \"CVE-2022-31630\",\n \"CVE-2022-37454\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4068-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0397\");\n script_xref(name:\"IAVA\", value:\"2020-A-0445-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0566\");\n script_xref(name:\"IAVA\", value:\"2021-A-0082-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0009-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0503-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0455-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0515-S\");\n script_xref(name:\"IAVB\", value:\"2017-B-0060-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : php74 (SUSE-SU-2022:4068-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:4068-1 advisory.\n\n - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to\n string objects that result in a negative length, which allows remote attackers to cause a denial of\n service (application crash) or possibly have unspecified other impact by leveraging a script's use of .=\n with a long string. (CVE-2017-8923)\n\n - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files\n using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to\n a crash or information disclosure. (CVE-2020-7068)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used\n with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can\n lead to both decreased security and incorrect encryption data. (CVE-2020-7069)\n\n - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing\n incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like\n __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge\n cookie which is supposed to be secure. See also CVE-2020-8184 for more information. (CVE-2020-7070)\n\n - In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like\n filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may\n lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components\n of the URL. (CVE-2020-7071)\n\n - In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to\n connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would\n cause PHP to access a null pointer and thus cause a crash. (CVE-2021-21702)\n\n - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running\n PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-\n privileged users, it is possible for the child processes to access memory shared with the main process and\n write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and\n writes, which can be used to escalate privileges from local unprivileged user to the root user.\n (CVE-2021-21703)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO\n driver extension, a malicious database server could cause crashes in various database functions, such as\n getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed\n correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.\n (CVE-2021-21704)\n\n - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation\n functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password\n field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially\n leading to other security implications - like contacting a wrong server or making a wrong access decision.\n (CVE-2021-21705)\n\n - In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows\n environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when\n extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS\n permissions. (CVE-2021-21706)\n\n - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing\n functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains\n URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus\n interpreting the filename differently from what the user intended, which may lead it to reading a\n different file than intended. (CVE-2021-21707)\n\n - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions\n with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to\n trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of\n other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.\n (CVE-2021-21708)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres\n database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to\n free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of\n service. (CVE-2022-31625)\n\n - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension\n with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the\n connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote\n code execution vulnerability. (CVE-2022-31626)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress\n quines gzip files, resulting in an infinite loop. (CVE-2022-31628)\n\n - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site\n attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or\n `__Secure-` cookie by PHP applications. (CVE-2022-31629)\n\n - In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension,\n it is possible to supply a specially crafted font file, such as if the loaded font is used with\n imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or\n disclosure of confidential information. (CVE-2022-31630)\n\n - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer\n overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.\n This occurs in the sponge function interface. (CVE-2022-37454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204979\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012984.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?21cf1372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-8923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-37454\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8923\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-37454\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php74\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sodium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php74-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-mod_php74-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'apache2-mod_php74-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'apache2-mod_php74-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'apache2-mod_php74-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bcmath-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-bz2-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-calendar-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ctype-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-curl-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dba-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-dom-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-enchant-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-exif-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fastcgi-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fileinfo-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-fpm-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ftp-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gd-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gettext-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-gmp-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-iconv-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-intl-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-json-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-ldap-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mbstring-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-mysql-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-odbc-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-opcache-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-openssl-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pcntl-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pdo-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-pgsql-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-phar-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-posix-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-readline-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-shmop-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-snmp-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-soap-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sockets-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sodium-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sqlite-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvmsg-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvsem-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-sysvshm-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tidy-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-tokenizer-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlreader-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlrpc-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xmlwriter-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-xsl-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zip-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.47.2', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.47.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.47.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-zlib-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-web-scripting-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'php74-devel-7.4.33-1.47.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / php74-calendar / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-12-17T15:20:21", "description": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-10-04T04:15:00", "type": "debiancve", "title": "CVE-2021-21706", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2021-10-04T04:15:00", "id": "DEBIANCVE:CVE-2021-21706", "href": "https://security-tracker.debian.org/tracker/CVE-2021-21706", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2022-07-17T13:03:32", "description": "php is vulnerable to SQL injection. The vulnerability exists due to a flaw in the multi-byte character process, an attacker is still able to inject arbitary SQL statements into the MySQL server for execution. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-24T02:43:11", "type": "veracode", "title": "SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2021-11-03T22:29:51", "id": "VERACODE:32240", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32240/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T13:48:52", "description": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-10-04T04:15:00", "type": "cve", "title": "CVE-2021-21706", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21706"], "modified": "2021-11-03T20:24:00", "cpe": [], "id": "CVE-2021-21706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21706", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}]}