Vulnerabilities > CVE-2017-9228 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-3277-1.NASL description This update for php5 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 120010 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120010 title SUSE SLES12 Security Update : php5 (SUSE-SU-2017:3277-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:3277-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(120010); script_version("1.3"); script_cvs_date("Date: 2019/09/11 11:22:16"); script_cve_id("CVE-2017-16642", "CVE-2017-4025", "CVE-2017-9228", "CVE-2017-9229"); script_name(english:"SUSE SLES12 Security Update : php5 (SUSE-SU-2017:3277-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1067090" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1067441" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1069606" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1069631" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-16642/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-4025/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-9228/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-9229/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20173277-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?557d6522" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-2040=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-2040=1 SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-2040=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php5-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bcmath-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-bz2-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-calendar-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ctype-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-curl-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dba-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-debugsource-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-dom-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-enchant-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-exif-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fastcgi-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fileinfo-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-fpm-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ftp-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gd-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gettext-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-gmp-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-iconv-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-imap-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-intl-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-json-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-ldap-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mbstring-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mcrypt-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-mysql-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-odbc-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-opcache-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-openssl-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pcntl-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pdo-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pgsql-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-phar-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-posix-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-pspell-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-shmop-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-snmp-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-soap-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sockets-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sqlite-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-suhosin-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvmsg-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvsem-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-sysvshm-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-tokenizer-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-wddx-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlreader-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlrpc-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xmlwriter-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-xsl-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zip-debuginfo-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-5.5.14-109.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"php5-zlib-debuginfo-5.5.14-109.13.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php5"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2017-B8BB4B86E2.NASL description **PHP version 7.1.7** (06 Jul 2017) **Core:** - Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz) - Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence) - Fixed misparsing of abstract unix domain socket names. (Sara) - Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas) - Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita) - Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita) - Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) **Date:** - Fixed bug php#74639 (implement clone for DatePeriod and DateInterval). (andrewnester) **DOM:** - Fixed bug php#69373 (References to deleted XPath query results). (ttoohey) **Intl:** - Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex) - Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi) **Mbstring:** - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **Opcache:** - Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence) - Revert opcache.enable_cli to default disabled. (Nikita) **OpenSSL:** - Fixed bug php#74720 (pkcs7_en/decrypt does not work if \x1a is used in content). (Anatol) - Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) **Reflection:** - Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence) **SPL:** - Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr) **FTP:** - Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara) **PHAR:** - Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa) **SOAP** - Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry) **Streams:** - Fixed bug php#74556 (stream_socket_get_name() returns last seen 2020-06-05 modified 2017-07-19 plugin id 101797 published 2017-07-19 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101797 title Fedora 26 : php (2017-b8bb4b86e2) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-b8bb4b86e2. # include("compat.inc"); if (description) { script_id(101797); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"); script_xref(name:"FEDORA", value:"2017-b8bb4b86e2"); script_name(english:"Fedora 26 : php (2017-b8bb4b86e2)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "**PHP version 7.1.7** (06 Jul 2017) **Core:** - Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz) - Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence) - Fixed misparsing of abstract unix domain socket names. (Sara) - Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas) - Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita) - Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita) - Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) **Date:** - Fixed bug php#74639 (implement clone for DatePeriod and DateInterval). (andrewnester) **DOM:** - Fixed bug php#69373 (References to deleted XPath query results). (ttoohey) **Intl:** - Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex) - Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi) **Mbstring:** - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **Opcache:** - Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence) - Revert opcache.enable_cli to default disabled. (Nikita) **OpenSSL:** - Fixed bug php#74720 (pkcs7_en/decrypt does not work if \x1a is used in content). (Anatol) - Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) **Reflection:** - Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence) **SPL:** - Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr) **FTP:** - Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara) **PHAR:** - Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa) **SOAP** - Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry) **Streams:** - Fixed bug php#74556 (stream_socket_get_name() returns '\0'). (Sara) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8bb4b86e2" ); script_set_attribute(attribute:"solution", value:"Update the affected php package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC26", reference:"php-7.1.7-1.fc26")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1371.NASL description This update for php5 fixes the following issues : Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-12-15 plugin id 105266 published 2017-12-15 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105266 title openSUSE Security Update : php5 (openSUSE-2017-1371) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1371. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(105266); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-16642", "CVE-2017-4025", "CVE-2017-9228", "CVE-2017-9229"); script_name(english:"openSUSE Security Update : php5 (openSUSE-2017-1371)"); script_summary(english:"Check for the openSUSE-2017-1371 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for php5 fixes the following issues : Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1067090" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1067441" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069606" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069631" ); script_set_attribute(attribute:"solution", value:"Update the affected php5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"apache2-mod_php5-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bcmath-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-bz2-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-calendar-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ctype-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-curl-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dba-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-debugsource-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-devel-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-dom-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-enchant-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-exif-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fastcgi-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fileinfo-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-firebird-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-fpm-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ftp-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gd-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gettext-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-gmp-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-iconv-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-imap-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-intl-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-json-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-ldap-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mbstring-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mcrypt-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mssql-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-mysql-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-odbc-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-opcache-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-openssl-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pcntl-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pdo-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pear-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pgsql-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-phar-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-posix-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-pspell-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-readline-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-shmop-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-snmp-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-soap-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sockets-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sqlite-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-suhosin-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvmsg-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvsem-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-sysvshm-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tidy-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-tokenizer-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-wddx-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlreader-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlrpc-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xmlwriter-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-xsl-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zip-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"php5-zlib-debuginfo-5.5.14-77.15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-debugsource-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-devel-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-json-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-json-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pear-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-debuginfo-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-5.5.14-88.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-debuginfo-5.5.14-88.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc"); }
NASL family CGI abuses NASL id PHP_5_6_31.NASL description According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142) - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of last seen 2020-06-01 modified 2020-06-02 plugin id 101525 published 2017-07-13 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101525 title PHP 5.6.x < 5.6.31 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(101525); script_version("1.14"); script_cvs_date("Date: 2019/03/04 18:17:59"); script_cve_id( "CVE-2017-6004", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11628", "CVE-2017-12933" ); script_bugtraq_id( 96295, 99489, 99490, 99492, 99501, 99550, 99553, 99601, 99605, 100320, 100538, 101244 ); script_name(english:"PHP 5.6.x < 5.6.31 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The version of PHP running on the remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.31. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142) - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144) - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145) - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.y, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. - A Heap buffer overread flaw in finish_nested_data while unserializing untrusted data could lead to an unspecified impact on the integrity of PHP. (CVE-2017-12933) - A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. (CVE-2017-11628) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.6.31"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 5.6.31 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9224"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/23"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); # Check that it is the correct version of PHP if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version); if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port); fix = "5.6.31"; if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, extra:report, severity:SECURITY_HOLE); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
NASL family Fedora Local Security Checks NASL id FEDORA_2017-E314044789.NASL description This new package includes additional fixes for CVE-2017-9228 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-09-29 plugin id 103552 published 2017-09-29 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103552 title Fedora 25 : oniguruma (2017-e314044789) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-e314044789. # include("compat.inc"); if (description) { script_id(103552); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-9224", "CVE-2017-9228"); script_xref(name:"FEDORA", value:"2017-e314044789"); script_name(english:"Fedora 25 : oniguruma (2017-e314044789)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This new package includes additional fixes for CVE-2017-9228 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e314044789" ); script_set_attribute( attribute:"solution", value:"Update the affected oniguruma package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:oniguruma"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC25", reference:"oniguruma-6.1.3-3.fc25")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma"); }
NASL family CGI abuses NASL id PHP_7_0_21.NASL description According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of last seen 2020-04-30 modified 2017-07-13 plugin id 101526 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101526 title PHP 7.0.x < 7.0.21 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(101526); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/27"); script_cve_id( "CVE-2017-6004", "CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11362", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-12934" ); script_bugtraq_id( 96295, 99489, 99490, 99492, 99501, 100428 ); script_name(english:"PHP 7.0.x < 7.0.21 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The version of PHP running on the remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.21. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of '-1'. An unauthenticated, remote attacker can exploit this to cause an unspecified impact. (CVE-2017-11144) - An out-of-bounds read error exists in PHP in the php_parse_date() function within file ext/date/lib/parse_date.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-11145) - A stack-based buffer overflow condition exists in PHP in the msgfmt_parse_message() function due to improper validation of user-supplied input when parsing locale. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11362) - An off-by-one overflow condition exists in PHP in the INI parsing API, specifically in the zend_ini_do_op() function within file Zend/zend_ini_parser.c, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-11628) - An out-of-bounds read error exists in PHP in the finish_nested_data() function within file ext/standard/var_unserializer.re. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-12933) - A use-after-free error exists in PHP in the zval_get_type() function within file ext/standard/var_unserializer.c. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-12934) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.0.21"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 7.0.21 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12933"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); include("http.inc"); include("webapp_func.inc"); vcf::php::initialize(); port = get_http_port(default:80, php:TRUE); app_info = vcf::php::get_app_info(port:port); constraints = [ { "min_version" : "7.0.0alpha0", "fixed_version" : "7.0.21" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
NASL family Fedora Local Security Checks NASL id FEDORA_2017-EE01A2CED6.NASL description Multiple security flaws were found on the previous version of oniguruma. This new version should fix the issue. Fixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101745 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101745 title Fedora 26 : oniguruma (2017-ee01a2ced6) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-ee01a2ced6. # include("compat.inc"); if (description) { script_id(101745); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-9224", "CVE-2017-9225", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"); script_xref(name:"FEDORA", value:"2017-ee01a2ced6"); script_name(english:"Fedora 26 : oniguruma (2017-ee01a2ced6)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple security flaws were found on the previous version of oniguruma. This new version should fix the issue. Fixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ee01a2ced6" ); script_set_attribute( attribute:"solution", value:"Update the affected oniguruma package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:oniguruma"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC26", reference:"oniguruma-6.3.0-1.fc26")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "oniguruma"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-867.NASL description Out-of-bounds heap write in bitset_set_range() : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it last seen 2020-06-01 modified 2020-06-02 plugin id 102181 published 2017-08-04 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102181 title Amazon Linux AMI : php70 (ALAS-2017-867) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-867. # include("compat.inc"); if (description) { script_id(102181); script_version("3.4"); script_cvs_date("Date: 2019/07/10 16:04:12"); script_cve_id("CVE-2017-7890", "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"); script_xref(name:"ALAS", value:"2017-867"); script_name(english:"Amazon Linux AMI : php70 (ALAS-2017-867)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Out-of-bounds heap write in bitset_set_range() : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. (CVE-2017-9228) Buffer over-read from unitialized data in gdImageCreateFromGifCtx function The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. (CVE-2017-7890) Invalid pointer dereference in left_adjust_char_head() : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. (CVE-2017-9229) Heap buffer overflow in next_state_val() during regular expression compilation : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of \\700 would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.(CVE-2017-9226) Out-of-bounds stack read in mbc_enc_len() during regular expression searching : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (CVE-2017-9227) Out-of-bounds stack read in match_at() during regular expression searching : An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. (CVE-2017-9224)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-867.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update php70' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"php70-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-cli-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-common-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dba-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-devel-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gd-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-imap-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-intl-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-json-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-process-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-recode-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-soap-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xml-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.21-1.23.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"php70-zip-7.0.21-1.23.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-958.NASL description CVE-2017-9224 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. CVE-2017-9226 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of last seen 2020-03-17 modified 2017-05-30 plugin id 100478 published 2017-05-30 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100478 title Debian DLA-958-1 : libonig security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-958-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(100478); script_version("3.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229"); script_name(english:"Debian DLA-958-1 : libonig security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2017-9224 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. CVE-2017-9226 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. CVE-2017-9227 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. CVE-2017-9228 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. CVE-2017-9229 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial of service condition. For Debian 7 'Wheezy', these problems have been fixed in version 5.9.1-1+deb7u1. We recommend that you upgrade your libonig packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/05/msg00029.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/libonig" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected libonig-dev, libonig2, and libonig2-dbg packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libonig2-dbg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libonig-dev", reference:"5.9.1-1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libonig2", reference:"5.9.1-1+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libonig2-dbg", reference:"5.9.1-1+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0029_LIBXML2.NASL description An update of the libxml2 package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121723 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121723 title Photon OS 1.0: Libxml2 PHSA-2017-0029 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2086.NASL description According to the versions of the oniguruma package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.(CVE-2019-13224) - A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.(CVE-2019-13225) - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it last seen 2020-05-03 modified 2019-09-30 plugin id 129445 published 2019-09-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129445 title EulerOS 2.0 SP8 : oniguruma (EulerOS-SA-2019-2086) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0029_RUBY.NASL description An update of the ruby package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121725 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121725 title Photon OS 1.0: Ruby PHSA-2017-0029 NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-871.NASL description Out-of-bounds heap write in bitset_set_range() An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it last seen 2020-06-01 modified 2020-06-02 plugin id 102545 published 2017-08-18 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102545 title Amazon Linux AMI : php56 (ALAS-2017-871) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2649.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says last seen 2020-05-08 modified 2019-12-18 plugin id 132184 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132184 title EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-3237-1.NASL description This update for php7 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). Bugs fixed : - Fix wrong reference when serialize/unserialize an object (bsc#1063815). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 120009 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120009 title SUSE SLES12 Security Update : php7 (SUSE-SU-2017:3237-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1353.NASL description This update for php7 fixes the following issues : Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). Bugs fixed : - Fix wrong reference when serialize/unserialize an object (bsc#1063815). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-12-14 plugin id 105238 published 2017-12-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105238 title openSUSE Security Update : php7 (openSUSE-2017-1353) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-188-01.NASL description New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101316 published 2017-07-10 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/101316 title Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2017-188-01) NASL family Fedora Local Security Checks NASL id FEDORA_2017-60997F0D14.NASL description Multiple security flaws were found on oniguruma currently being shipped on Fedora. This new rpm should fix the issue. Fixed CVEs: CVE-2017-9226 CVE-2017-9225 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-06-12 plugin id 100730 published 2017-06-12 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100730 title Fedora 25 : oniguruma (2017-60997f0d14) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1195.NASL description According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229) - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227) - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it last seen 2020-03-19 modified 2020-03-13 plugin id 134484 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134484 title EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1195) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2403.NASL description According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224) - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of last seen 2020-05-08 modified 2019-12-10 plugin id 131895 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131895 title EulerOS 2.0 SP2 : ruby (EulerOS-SA-2019-2403) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B396CF6C62E611E79DEFB499BAEBFEAF.NASL description the PHP project reports : - A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer (CVE-2017-9224). - A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of last seen 2020-06-01 modified 2020-06-02 plugin id 101332 published 2017-07-10 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101332 title FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1990.NASL description According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A SMTP command injection flaw was found in the way Ruby last seen 2020-05-08 modified 2019-09-24 plugin id 129184 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129184 title EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1990) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0003-1.NASL description This update for php53 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 105513 published 2018-01-03 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105513 title SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0003-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0029.NASL description An update of [ruby,cassandra,linux,libxml2] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111878 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111878 title Photon OS 1.0: Cassandra / Libxml2 / Linux / Ruby PHSA-2017-0029 (deprecated) NASL family CGI abuses NASL id PHP_7_1_7.NASL description According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of last seen 2020-04-30 modified 2017-07-13 plugin id 101527 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101527 title PHP 7.1.x < 7.1.7 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2438.NASL description According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension last seen 2020-05-08 modified 2019-12-04 plugin id 131592 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131592 title EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3382-1.NASL description It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397) It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11144) Wei Lei and Liu Yang discovered that the PHP date extension incorrectly handled memory. A remote attacker could possibly use this issue to disclose sensitive information from the server. (CVE-2017-11145) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147) It was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11362) Wei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini files. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11628) It was discovered that PHP mbstring incorrectly handled certain regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102416 published 2017-08-11 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102416 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : php5, php7.0 vulnerabilities (USN-3382-1) NASL family Fedora Local Security Checks NASL id FEDORA_2017-E2D6D0067F.NASL description Multiple security flaws were found on oniguruma currently being shipped on Fedora. This new rpm should fix the issue. Fixed CVEs: CVE-2017-9226 CVE-2017-9224 CVE-2017-9227 CVE-2017-9229 CVE-2017-9228 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-06-13 plugin id 100748 published 2017-06-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100748 title Fedora 24 : oniguruma (2017-e2d6d0067f) NASL family Fedora Local Security Checks NASL id FEDORA_2017-B674DC22AD.NASL description **PHP version 7.0.21** (06 Jul 2017) **Core:** - Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz) - Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence) - Fixed misparsing of abstract unix domain socket names. (Sara) - Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita) - Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita) - Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas) - Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) **DOM:** - Fixed bug php#69373 (References to deleted XPath query results). (ttoohey) **Intl:** - Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex) - Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi) - Fixed bug php#73634 (grapheme_strpos illegal memory access). (Stas) **Mbstring:** - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **Opcache:** - Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence) **OpenSSL:** - Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) **Reflection:** - Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence) **SPL:** - Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr) **Standard:** - Fixed bug php#74708 (Invalid Reflection signatures for random_bytes and random_int). (Tyson Andre, Remi) - Fixed bug php#73648 (Heap buffer overflow in substr). (Stas) **FTP:** - Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara) **PHAR:** - Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa) **SOAP** - Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry) **Streams:** - Fixed bug php#74556 (stream_socket_get_name() returns last seen 2020-06-05 modified 2017-07-14 plugin id 101538 published 2017-07-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101538 title Fedora 25 : php (2017-b674dc22ad) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1443.NASL description According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.(CVE-2019-8321) - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229) - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227) - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it last seen 2020-04-30 modified 2020-04-16 plugin id 135605 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135605 title EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2020-1443) NASL family Fedora Local Security Checks NASL id FEDORA_2017-5ADE380AB2.NASL description **PHP version 5.6.31** (06 Jul 2017) **Core:** - Fixed bug php#73807 (Performance problem with processing post request over 2000000 chars). (Nikita) - Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita) - Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas) - Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) **mbstring:** - Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **OpenSSL:** - Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) **WDDX:** - Fixed bug php#74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-21 plugin id 101864 published 2017-07-21 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101864 title Fedora 24 : php (2017-5ade380ab2) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0029_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 121724 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121724 title Photon OS 1.0: Linux PHSA-2017-0029 NASL family Misc. NASL id SECURITYCENTER_PHP_5_6_31.NASL description The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - An out-of-bounds read error exists in the PCRE library in the compile_bracket_matchingpath() function within file pcre_jit_compile.c. An unauthenticated, remote attacker can exploit this, via a specially crafted regular expression, to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-6004) - An out-of-bounds read error exists in the GD Graphics Library (LibGD) in the gdImageCreateFromGifCtx() function within file gd_gif_in.c when handling a specially crafted GIF file. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-7890) - An out-of-bounds read error exists in Oniguruma in the match_at() function within file regexec.c. An unauthenticated, remote attacker can exploit this to disclose sensitive memory contents or crash a process linked to the library. (CVE-2017-9224) - An out-of-bounds write error exists in Oniguruma in the next_state_val() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9226) - An out-of-bounds read error exists in Oniguruma in the mbc_enc_len() function within file utf8.c. An unauthenticated, remote attacker can exploit this to disclose memory contents or crash a process linked to the library. (CVE-2017-9227) - An out-of-bounds write error exists in Oniguruma in the bitset_set_range() function during regular expression compilation. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-9228) - An invalid pointer deference flaw exists in Oniguruma in the left_adjust_char_head() function within file regexec.c during regular expression compilation. An unauthenticated, remote attacker can exploit this to crash a process linked to the library, resulting in a denial of service condition. (CVE-2017-9229) - A denial of service condition exists in PHP when handling overlarge POST requests. An unauthenticated, remote attacker can exploit this to exhaust available CPU resources. (CVE-2017-11142) - An extended invalid free error exists in PHP in the php_wddx_push_element() function within file ext/wddx/wddx.c when parsing empty boolean tags. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-11143) - A flaw exists in OpenSSL in the EVP_SealInit() function within file crypto/evp/p_seal.c due to returning an undocumented value of last seen 2020-06-01 modified 2020-06-02 plugin id 103121 published 2017-09-12 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103121 title Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12
Redhat
advisories |
| ||||
rpms |
|
References
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2018:1296
- https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
- https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
- https://github.com/kkos/oniguruma/issues/60
- https://github.com/kkos/oniguruma/issues/60