Vulnerabilities > CVE-2018-12882 - Use After Free vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
php
canonical
netapp
CWE-416
critical
nessus
NVD
Published: 2018-06-26
Updated: 2019-03-12

Summary

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

Vulnerable Configurations

Part Description Count
Application
Php
35
Application
Netapp
1
OS
Canonical
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-708.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-07-09
    plugin id110964
    published2018-07-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110964
    titleopenSUSE Security Update : php7 (openSUSE-2018-708)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-708.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(110964);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-12882");

  script_name(english:"openSUSE Security Update : php7 (openSUSE-2018-708)");
  script_summary(english:"Check for the openSUSE-2018-708 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php7 fixes the following issues :

  - CVE-2018-12882: exif_read_from_impl allowed attackers to
    trigger a use-after-free (in exif_read_from_file)
    because it closed a stream that it is not responsible
    for closing (bsc#1099098)

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099098"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php7 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pear-Archive_Tar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php7-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php7-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-bcmath-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-bcmath-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-bz2-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-bz2-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-calendar-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-calendar-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-ctype-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-ctype-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-curl-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-curl-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-dba-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-dba-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-debugsource-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-devel-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-dom-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-dom-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-enchant-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-enchant-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-exif-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-exif-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-fastcgi-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-fastcgi-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-fileinfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-fileinfo-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-firebird-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-firebird-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-fpm-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-fpm-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-ftp-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-ftp-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-gd-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-gd-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-gettext-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-gettext-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-gmp-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-gmp-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-iconv-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-iconv-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-imap-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-imap-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-intl-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-intl-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-json-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-json-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-ldap-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-ldap-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-mbstring-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-mbstring-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-mcrypt-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-mcrypt-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-mysql-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-mysql-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-odbc-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-odbc-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-opcache-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-opcache-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-openssl-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-openssl-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pcntl-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pcntl-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pdo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pdo-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pear-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pear-Archive_Tar-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pgsql-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pgsql-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-phar-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-phar-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-posix-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-posix-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pspell-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-pspell-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-readline-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-readline-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-shmop-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-shmop-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-snmp-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-snmp-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-soap-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-soap-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sockets-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sockets-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sqlite-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sqlite-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvmsg-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvmsg-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvsem-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvsem-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvshm-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-sysvshm-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-tidy-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-tidy-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-tokenizer-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-tokenizer-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-wddx-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-wddx-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlreader-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlreader-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlrpc-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlrpc-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlwriter-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xmlwriter-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xsl-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-xsl-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-zip-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-zip-debuginfo-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-zlib-7.0.7-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php7-zlib-debuginfo-7.0.7-40.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php7 / apache2-mod_php7-debuginfo / php7 / php7-bcmath / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-998.NASL
    descriptionThis update for php5 fixes the following issues : The following security issues were fixed : - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-09-13
    plugin id117477
    published2018-09-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117477
    titleopenSUSE Security Update : php5 (openSUSE-2018-998)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-998.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(117477);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-9118", "CVE-2018-10360", "CVE-2018-12882", "CVE-2018-14851");

  script_name(english:"openSUSE Security Update : php5 (openSUSE-2018-998)");
  script_summary(english:"Check for the openSUSE-2018-998 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php5 fixes the following issues :

The following security issues were fixed :

  - CVE-2018-10360: Fixed an out-of-bounds read in the
    do_core_note function in readelf.c in libmagic.a, which
    allowed remote attackers to cause a denial of service
    via a crafted ELF file (bsc#1096984)

  - CVE-2018-14851: Fixed an out-of-bound read in
    exif_process_IFD_in_MAKERNOTE, which could be exploited
    by an attacker via crafted JPG files, and could result
    in an application crash. (bsc#1103659)

  - CVE-2018-12882: Fixed an use-after-free in
    exif_read_from_impl in ext/exif/exif.c (bsc#1099098)

  - CVE-2017-9118: Fixed an out of bounds access in
    php_pcre_replace_impl via a crafted preg_replace call
    (bsc#1105466)

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099098"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103659"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105466"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected php5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-mod_php5-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bcmath-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-bz2-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-calendar-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ctype-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-curl-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dba-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-debugsource-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-devel-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-dom-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-enchant-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-exif-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fastcgi-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fileinfo-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-firebird-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-fpm-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ftp-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gd-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gettext-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-gmp-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-iconv-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-imap-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-intl-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-json-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-json-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-ldap-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mbstring-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mcrypt-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mssql-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-mysql-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-odbc-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-opcache-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-openssl-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pcntl-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pdo-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pear-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pgsql-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-phar-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-posix-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-pspell-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-readline-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-shmop-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-snmp-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-soap-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sockets-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sqlite-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-suhosin-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvmsg-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvsem-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-sysvshm-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tidy-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-tokenizer-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-wddx-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlreader-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlrpc-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xmlwriter-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-xsl-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zip-debuginfo-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-5.5.14-103.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"php5-zlib-debuginfo-5.5.14-103.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-737.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-07-20
    plugin id111194
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111194
    titleopenSUSE Security Update : php7 (openSUSE-2018-737)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2682-1.NASL
    descriptionThis update for php5 fixes the following issues : The following security issues were fixed : CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-01-02
    plugin id120095
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120095
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2018:2682-1)
  • NASL familyCGI abuses
    NASL idPHP_7_2_8.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id111216
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111216
    titlePHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1936-1.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120041
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120041
    titleSUSE SLES15 Security Update : php7 (SUSE-SU-2018:1936-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2044-1.NASL
    descriptionThis update for php53 fixes the following issues: The following security issue was fixed : - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file (CVE-2018-10360, bsc#1096984) - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111265
    published2018-07-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111265
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2018:2044-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1886-1.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120033
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120033
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2018:1886-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3702-2.NASL
    descriptionUSN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. We apologize for the inconvenience. Original advisory details : It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110940
    published2018-07-06
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110940
    titleUbuntu 18.04 LTS : php7.2 vulnerability (USN-3702-2)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1067.NASL
    descriptionexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.(CVE-2018-12882) An issue was discovered in PHP 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
    last seen2020-06-01
    modified2020-06-02
    plugin id112094
    published2018-08-24
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112094
    titleAmazon Linux AMI : php72 (ALAS-2018-1067)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-522.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123220
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123220
    titleopenSUSE Security Update : php7 (openSUSE-2019-522)
  • NASL familyCGI abuses
    NASL idPHP_7_0_31.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id111215
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111215
    titlePHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1936-2.NASL
    descriptionThis update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120042
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120042
    titleSUSE SLES15 Security Update : php7 (SUSE-SU-2018:1936-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3702-1.NASL
    descriptionIt was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110924
    published2018-07-05
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110924
    titleUbuntu 18.04 LTS : php7.2 vulnerability (USN-3702-1)

References