Vulnerabilities > CVE-2018-14851 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
php
canonical
debian
netapp
CWE-125
nessus

Summary

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

Vulnerable Configurations

Part Description Count
Application
Php
1029
Application
Netapp
1
OS
Canonical
4
OS
Debian
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1066.NASL
    descriptionexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
    last seen2020-06-01
    modified2020-06-02
    plugin id112093
    published2018-08-24
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112093
    titleAmazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1066.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(112093);
      script_version("1.2");
      script_cvs_date("Date: 2018/10/04  9:31:13");
    
      script_cve_id("CVE-2018-14851", "CVE-2018-14883");
      script_xref(name:"ALAS", value:"2018-1066");
    
      script_name(english:"Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-1066)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37,
    7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers
    to cause a denial of service (out-of-bounds read and application
    crash) via a crafted JPEG file.(CVE-2018-14851)
    
    An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and
    7.1.x before 7.1.20. An Integer Overflow leads to a heap-based buffer
    over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1066.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update php56' to update your system.
    
    Run 'yum update php70' to update your system.
    
    Run 'yum update php71' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pdo-dblib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php70-zip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pdo-dblib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php71-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php56-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-cli-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-common-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dba-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-devel-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gd-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-imap-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-intl-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-process-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-recode-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-soap-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xml-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.37-1.139.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-bcmath-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-cli-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-common-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-dba-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-dbg-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-debuginfo-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-devel-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-embedded-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-enchant-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-fpm-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-gd-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-gmp-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-imap-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-intl-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-json-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-ldap-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mbstring-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mcrypt-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-mysqlnd-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-odbc-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-opcache-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pdo-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pdo-dblib-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pgsql-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-process-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-pspell-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-recode-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-snmp-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-soap-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-tidy-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-xml-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-xmlrpc-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php70-zip-7.0.31-1.30.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-bcmath-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-cli-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-common-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-dba-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-dbg-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-debuginfo-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-devel-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-embedded-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-enchant-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-fpm-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-gd-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-gmp-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-imap-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-intl-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-json-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-ldap-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-mbstring-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-mcrypt-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-mysqlnd-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-odbc-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-opcache-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-pdo-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-pdo-dblib-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-pgsql-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-process-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-pspell-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-recode-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-snmp-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-soap-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-tidy-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-xml-7.1.20-1.33.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php71-xmlrpc-7.1.20-1.33.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc");
    }
    
  • NASL familyMisc.
    NASL idSECURITYCENTER_5_7_1_TNS_2018_12.NASL
    descriptionAccording to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id117672
    published2018-09-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117672
    titleTenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)
  • NASL familyCGI abuses
    NASL idPHP_7_1_20.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id111231
    published2018-07-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111231
    titlePHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4353.NASL
    descriptionMultiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a
    last seen2020-04-30
    modified2018-12-11
    plugin id119561
    published2018-12-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119561
    titleDebian DSA-4353-1 : php7.0 - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-998.NASL
    descriptionThis update for php5 fixes the following issues : The following security issues were fixed : - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-09-13
    plugin id117477
    published2018-09-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117477
    titleopenSUSE Security Update : php5 (openSUSE-2018-998)
  • NASL familyCGI abuses
    NASL idPHP_5_6_37_MULTIPLE.NASL
    descriptionThis plugin has been deprecated due to prior coverage
    last seen2018-10-04
    modified2018-09-20
    plugin id117340
    published2018-09-07
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=117340
    titlePHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated)
  • NASL familyCGI abuses
    NASL idPHP_5_6_37.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37. It is, therefore, affected by a denial of service vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id111230
    published2018-07-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111230
    titlePHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2682-1.NASL
    descriptionThis update for php5 fixes the following issues : The following security issues were fixed : CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-01-02
    plugin id120095
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120095
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2018:2682-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-892.NASL
    descriptionThis update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-08-20
    plugin id112001
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112001
    titleopenSUSE Security Update : php7 (openSUSE-2018-892)
  • NASL familyCGI abuses
    NASL idPHP_7_2_8.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id111216
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111216
    titlePHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2649.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
    last seen2020-05-08
    modified2019-12-18
    plugin id132184
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132184
    titleEulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2333-1.NASL
    descriptionThis update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-01-02
    plugin id120078
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120078
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2018:2333-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2681-1.NASL
    descriptionThis update for php53 fixes the following issues : The following security issues were fixed : CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) CVE-2018-14883: Fixed an integer overflow leading to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117449
    published2018-09-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117449
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2018:2681-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1490.NASL
    descriptionTwo vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read. Additionally, a previously introduced patch for CVE-2017-7272 was found to negatively affect existing PHP applications (#890266). As a result of the negative effects and the fact that the security team has marked the CVE in question as
    last seen2020-06-01
    modified2020-06-02
    plugin id112229
    published2018-09-04
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112229
    titleDebian DLA-1490-1 : php5 security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1067.NASL
    descriptionexif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.(CVE-2018-12882) An issue was discovered in PHP 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.(CVE-2018-14883)
    last seen2020-06-01
    modified2020-06-02
    plugin id112094
    published2018-08-24
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112094
    titleAmazon Linux AMI : php72 (ALAS-2018-1067)
  • NASL familyCGI abuses
    NASL idPHP_7_0_31.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id111215
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111215
    titlePHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3766-1.NASL
    descriptionIt was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117539
    published2018-09-18
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117539
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : php5, php7.0, php7.2 vulnerabilities (USN-3766-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2337-1.NASL
    descriptionThis update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-01-02
    plugin id120079
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120079
    titleSUSE SLES15 Security Update : php7 (SUSE-SU-2018:2337-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2438.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
    last seen2020-05-08
    modified2019-12-04
    plugin id131592
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131592
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1984.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.(CVE-2014-9912) - Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.(CVE-2015-4116) - A flaw was found in the way the way PHP
    last seen2020-05-08
    modified2019-09-24
    plugin id129178
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129178
    titleEulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-619.NASL
    descriptionThis update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-05-31
    modified2019-03-27
    plugin id123270
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123270
    titleopenSUSE Security Update : php7 (openSUSE-2019-619)

Redhat

advisories
rhsa
idRHSA-2019:2519
rpms
  • rh-php71-php-0:7.1.30-1.el7
  • rh-php71-php-bcmath-0:7.1.30-1.el7
  • rh-php71-php-cli-0:7.1.30-1.el7
  • rh-php71-php-common-0:7.1.30-1.el7
  • rh-php71-php-dba-0:7.1.30-1.el7
  • rh-php71-php-dbg-0:7.1.30-1.el7
  • rh-php71-php-debuginfo-0:7.1.30-1.el7
  • rh-php71-php-devel-0:7.1.30-1.el7
  • rh-php71-php-embedded-0:7.1.30-1.el7
  • rh-php71-php-enchant-0:7.1.30-1.el7
  • rh-php71-php-fpm-0:7.1.30-1.el7
  • rh-php71-php-gd-0:7.1.30-1.el7
  • rh-php71-php-gmp-0:7.1.30-1.el7
  • rh-php71-php-intl-0:7.1.30-1.el7
  • rh-php71-php-json-0:7.1.30-1.el7
  • rh-php71-php-ldap-0:7.1.30-1.el7
  • rh-php71-php-mbstring-0:7.1.30-1.el7
  • rh-php71-php-mysqlnd-0:7.1.30-1.el7
  • rh-php71-php-odbc-0:7.1.30-1.el7
  • rh-php71-php-opcache-0:7.1.30-1.el7
  • rh-php71-php-pdo-0:7.1.30-1.el7
  • rh-php71-php-pgsql-0:7.1.30-1.el7
  • rh-php71-php-process-0:7.1.30-1.el7
  • rh-php71-php-pspell-0:7.1.30-1.el7
  • rh-php71-php-recode-0:7.1.30-1.el7
  • rh-php71-php-snmp-0:7.1.30-1.el7
  • rh-php71-php-soap-0:7.1.30-1.el7
  • rh-php71-php-xml-0:7.1.30-1.el7
  • rh-php71-php-xmlrpc-0:7.1.30-1.el7
  • rh-php71-php-zip-0:7.1.30-1.el7