6.8 - RHSA-2014:1327

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	php security update

Informations
Name	RHSA-2014:1327	First vendor Publication	2014-09-30
Vendor	RedHat	Last vendor Modification	2014-09-30
Severity (Vendor)	Moderate	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file.

A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. (CVE-2014-3478)

Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2014-3538)

It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587)

It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497)

Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597)

Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698)

The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat Product Security, the CVE-2014-3538 issue was discovered by Jan KaluÅ¾a of the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by David KutÃ¡lek of the Red Hat BaseOS QE.

All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm() 1098222 - CVE-2014-3538 file: unrestricted regular expression matching 1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size 1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting 1120266 - CVE-2014-4670 php: SPL Iterators use-after-free 1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info 1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr 1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-1327.html

CWE : Common Weakness Enumeration

%	Id	Name
43 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
14 %	CWE-476	NULL Pointer Dereference
14 %	CWE-399	Resource Management Errors
14 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
14 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15392

Oval ID:	oval:org.mitre.oval:def:15392
Title:	DSA-2422-1 file -- missing bounds checks
Description:	The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File format, leading to crashes. Note that after this update, file may return different detection results for CDF files. The new detections are believed to be more accurate.
Family:	unix	Class:	patch
Reference(s):	DSA-2422-1 CVE-2012-1571	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	file
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND file DPKG is earlier than 5.04-5+squeeze1

Definition Id: oval:org.mitre.oval:def:25274

Oval ID:	oval:org.mitre.oval:def:25274
Title:	USN-2278-1 -- file vulnerabilities
Description:	File could be made to crash or hang if it processed specially crafted data.
Family:	unix	Class:	patch
Reference(s):	USN-2278-1 CVE-2013-7345 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.04 Ubuntu 10.04	Product(s):	file
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section file DPKG is earlier than 1:5.14-2ubuntu3.1 AND libmagic1 DPKG is earlier than 1:5.14-2ubuntu3.1 AND Ubuntu 13.10 release section Ubuntu 13.10 is installed Packages match section file DPKG is earlier than 0:5.11-2ubuntu4.3 AND libmagic1 DPKG is earlier than 0:5.11-2ubuntu4.3 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed Packages match section file DPKG is earlier than 0:5.09-2ubuntu0.4 AND libmagic1 DPKG is earlier than 0:5.09-2ubuntu0.4 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed Packages match section file DPKG is earlier than 0:5.03-5ubuntu1.3 AND libmagic1 DPKG is earlier than 0:5.03-5ubuntu1.3

Definition Id: oval:org.mitre.oval:def:25839

Oval ID:	oval:org.mitre.oval:def:25839
Title:	SUSE-SU-2014:0868-1 -- Security update for PHP5
Description:	PHP5 has been updated to fix two security vulnerabilities.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0868-1 CVE-2014-4049 CVE-2014-2497	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	PHP5
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section apache2-mod_php5 RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5 RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-bcmath RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-bz2 RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-calendar RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-ctype RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-curl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-dba RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-dbase RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-dom RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-exif RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-fastcgi RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-ftp RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-gd RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-gettext RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-gmp RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-hash RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-iconv RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-json RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-ldap RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-mbstring RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-mcrypt RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-mysql RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-odbc RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-openssl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pcntl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pdo RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pear RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pgsql RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pspell RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-shmop RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-snmp RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-soap RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-suhosin RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-sysvmsg RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-sysvsem RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-sysvshm RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-tokenizer RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-wddx RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xmlreader RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xmlrpc RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xmlwriter RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xsl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-zip RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-zlib RPM is earlier than 0:5.2.14-0.7.30.54.1

Definition Id: oval:org.mitre.oval:def:26303

Oval ID:	oval:org.mitre.oval:def:26303
Title:	SUSE-SU-2014:0873-2 -- Security update for PHP5
Description:	PHP5 has been updated to fix four security vulnerabilities.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0873-2 CVE-2014-4049 CVE-2013-6420 CVE-2013-4248 CVE-2014-2497	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	PHP5
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section apache2-mod_php5 RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5 RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-bcmath RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-bz2 RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-calendar RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-ctype RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-curl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-dba RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-dbase RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-dom RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-exif RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-fastcgi RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-ftp RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-gd RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-gettext RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-gmp RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-hash RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-iconv RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-json RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-ldap RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-mbstring RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-mcrypt RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-mysql RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-odbc RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-openssl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pcntl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pdo RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pear RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pgsql RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-pspell RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-shmop RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-snmp RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-soap RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-suhosin RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-sysvmsg RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-sysvsem RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-sysvshm RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-tokenizer RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-wddx RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xmlreader RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xmlrpc RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xmlwriter RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-xsl RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-zip RPM is earlier than 0:5.2.14-0.7.30.54.1 AND php5-zlib RPM is earlier than 0:5.2.14-0.7.30.54.1

Definition Id: oval:org.mitre.oval:def:26348

Oval ID:	oval:org.mitre.oval:def:26348
Title:	SUSE-SU-2014:0869-1 -- Security update for php53
Description:	hp53 was updated to fix the following security vulnerabilities.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0869-1 CVE-2014-4049 CVE-2014-0238 CVE-2014-0237 CVE-2014-2497	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	php53
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section apache2-mod_php53 RPM is earlier than 0:5.3.17-0.23.5 AND php53 RPM is earlier than 0:5.3.17-0.23.5 AND php53-bcmath RPM is earlier than 0:5.3.17-0.23.5 AND php53-bz2 RPM is earlier than 0:5.3.17-0.23.5 AND php53-calendar RPM is earlier than 0:5.3.17-0.23.5 AND php53-ctype RPM is earlier than 0:5.3.17-0.23.5 AND php53-curl RPM is earlier than 0:5.3.17-0.23.5 AND php53-dba RPM is earlier than 0:5.3.17-0.23.5 AND php53-dom RPM is earlier than 0:5.3.17-0.23.5 AND php53-exif RPM is earlier than 0:5.3.17-0.23.5 AND php53-fastcgi RPM is earlier than 0:5.3.17-0.23.5 AND php53-fileinfo RPM is earlier than 0:5.3.17-0.23.5 AND php53-ftp RPM is earlier than 0:5.3.17-0.23.5 AND php53-gd RPM is earlier than 0:5.3.17-0.23.5 AND php53-gettext RPM is earlier than 0:5.3.17-0.23.5 AND php53-gmp RPM is earlier than 0:5.3.17-0.23.5 AND php53-iconv RPM is earlier than 0:5.3.17-0.23.5 AND php53-intl RPM is earlier than 0:5.3.17-0.23.5 AND php53-json RPM is earlier than 0:5.3.17-0.23.5 AND php53-ldap RPM is earlier than 0:5.3.17-0.23.5 AND php53-mbstring RPM is earlier than 0:5.3.17-0.23.5 AND php53-mcrypt RPM is earlier than 0:5.3.17-0.23.5 AND php53-mysql RPM is earlier than 0:5.3.17-0.23.5 AND php53-odbc RPM is earlier than 0:5.3.17-0.23.5 AND php53-openssl RPM is earlier than 0:5.3.17-0.23.5 AND php53-pcntl RPM is earlier than 0:5.3.17-0.23.5 AND php53-pdo RPM is earlier than 0:5.3.17-0.23.5 AND php53-pear RPM is earlier than 0:5.3.17-0.23.5 AND php53-pgsql RPM is earlier than 0:5.3.17-0.23.5 AND php53-pspell RPM is earlier than 0:5.3.17-0.23.5 AND php53-shmop RPM is earlier than 0:5.3.17-0.23.5 AND php53-snmp RPM is earlier than 0:5.3.17-0.23.5 AND php53-soap RPM is earlier than 0:5.3.17-0.23.5 AND php53-suhosin RPM is earlier than 0:5.3.17-0.23.5 AND php53-sysvmsg RPM is earlier than 0:5.3.17-0.23.5 AND php53-sysvsem RPM is earlier than 0:5.3.17-0.23.5 AND php53-sysvshm RPM is earlier than 0:5.3.17-0.23.5 AND php53-tokenizer RPM is earlier than 0:5.3.17-0.23.5 AND php53-wddx RPM is earlier than 0:5.3.17-0.23.5 AND php53-xmlreader RPM is earlier than 0:5.3.17-0.23.5 AND php53-xmlrpc RPM is earlier than 0:5.3.17-0.23.5 AND php53-xmlwriter RPM is earlier than 0:5.3.17-0.23.5 AND php53-xsl RPM is earlier than 0:5.3.17-0.23.5 AND php53-zip RPM is earlier than 0:5.3.17-0.23.5 AND php53-zlib RPM is earlier than 0:5.3.17-0.23.5 AND apache2-mod_php53 RPM is earlier than 0:5.3.8-0.45.1 AND php53 RPM is earlier than 0:5.3.8-0.45.1 AND php53-bcmath RPM is earlier than 0:5.3.8-0.45.1 AND php53-bz2 RPM is earlier than 0:5.3.8-0.45.1 AND php53-calendar RPM is earlier than 0:5.3.8-0.45.1 AND php53-ctype RPM is earlier than 0:5.3.8-0.45.1 AND php53-curl RPM is earlier than 0:5.3.8-0.45.1 AND php53-dba RPM is earlier than 0:5.3.8-0.45.1 AND php53-dom RPM is earlier than 0:5.3.8-0.45.1 AND php53-exif RPM is earlier than 0:5.3.8-0.45.1 AND php53-fastcgi RPM is earlier than 0:5.3.8-0.45.1 AND php53-fileinfo RPM is earlier than 0:5.3.8-0.45.1 AND php53-ftp RPM is earlier than 0:5.3.8-0.45.1 AND php53-gd RPM is earlier than 0:5.3.8-0.45.1 AND php53-gettext RPM is earlier than 0:5.3.8-0.45.1 AND php53-gmp RPM is earlier than 0:5.3.8-0.45.1 AND php53-iconv RPM is earlier than 0:5.3.8-0.45.1 AND php53-intl RPM is earlier than 0:5.3.8-0.45.1 AND php53-json RPM is earlier than 0:5.3.8-0.45.1 AND php53-ldap RPM is earlier than 0:5.3.8-0.45.1 AND php53-mbstring RPM is earlier than 0:5.3.8-0.45.1 AND php53-mcrypt RPM is earlier than 0:5.3.8-0.45.1 AND php53-mysql RPM is earlier than 0:5.3.8-0.45.1 AND php53-odbc RPM is earlier than 0:5.3.8-0.45.1 AND php53-openssl RPM is earlier than 0:5.3.8-0.45.1 AND php53-pcntl RPM is earlier than 0:5.3.8-0.45.1 AND php53-pdo RPM is earlier than 0:5.3.8-0.45.1 AND php53-pear RPM is earlier than 0:5.3.8-0.45.1 AND php53-pgsql RPM is earlier than 0:5.3.8-0.45.1 AND php53-pspell RPM is earlier than 0:5.3.8-0.45.1 AND php53-shmop RPM is earlier than 0:5.3.8-0.45.1 AND php53-snmp RPM is earlier than 0:5.3.8-0.45.1 AND php53-soap RPM is earlier than 0:5.3.8-0.45.1 AND php53-suhosin RPM is earlier than 0:5.3.8-0.45.1 AND php53-sysvmsg RPM is earlier than 0:5.3.8-0.45.1 AND php53-sysvsem RPM is earlier than 0:5.3.8-0.45.1 AND php53-sysvshm RPM is earlier than 0:5.3.8-0.45.1 AND php53-tokenizer RPM is earlier than 0:5.3.8-0.45.1 AND php53-wddx RPM is earlier than 0:5.3.8-0.45.1 AND php53-xmlreader RPM is earlier than 0:5.3.8-0.45.1 AND php53-xmlrpc RPM is earlier than 0:5.3.8-0.45.1 AND php53-xmlwriter RPM is earlier than 0:5.3.8-0.45.1 AND php53-xsl RPM is earlier than 0:5.3.8-0.45.1 AND php53-zip RPM is earlier than 0:5.3.8-0.45.1 AND php53-zlib RPM is earlier than 0:5.3.8-0.45.1

Definition Id: oval:org.mitre.oval:def:26455

Oval ID:	oval:org.mitre.oval:def:26455
Title:	DSA-3021-1 file - security update
Description:	Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
Family:	unix	Class:	patch
Reference(s):	DSA-3021-1 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	file
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND file DPKG is earlier than 0:5.11-2+deb7u4

Definition Id: oval:org.mitre.oval:def:26755

Oval ID:	oval:org.mitre.oval:def:26755
Title:	USN-2344-1 -- php5 vulnerabilities
Description:	php5 could be made to crash or run programs if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-2344-1 CVE-2014-3587 CVE-2014-3597	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	php5
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.4 AND php5 DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.4 AND php5-cgi DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.4 AND php5-fpm DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.4 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 0:5.3.10-1ubuntu3.14 AND php5 DPKG is earlier than 0:5.3.10-1ubuntu3.14 AND php5-cgi DPKG is earlier than 0:5.3.10-1ubuntu3.14 AND php5-fpm DPKG is earlier than 0:5.3.10-1ubuntu3.14 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 0:5.3.2-1ubuntu4.27 AND php5 DPKG is earlier than 0:5.3.2-1ubuntu4.27 AND php5-cgi DPKG is earlier than 0:5.3.2-1ubuntu4.27

Definition Id: oval:org.mitre.oval:def:26896

Oval ID:	oval:org.mitre.oval:def:26896
Title:	SUSE-SU-2014:1141-1 -- Security update for php53
Description:	This php53 update fixes the following security issues: * Insecure temporary file used for cache data was fixed by switching to a different root only directory /var/cache/php-pear. (CVE-2014-5459) * An incomplete fix for CVE-2014-4049. (CVE-2014-3597) Security Issues: * CVE-2014-5459 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5459> * CVE-2014-4049 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1141-1 CVE-2014-5459 CVE-2014-4049 CVE-2014-3597	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	php53
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section apache2-mod_php53 RPM is earlier than 0:5.3.17-0.29.1 AND php53 RPM is earlier than 0:5.3.17-0.29.1 AND php53-bcmath RPM is earlier than 0:5.3.17-0.29.1 AND php53-bz2 RPM is earlier than 0:5.3.17-0.29.1 AND php53-calendar RPM is earlier than 0:5.3.17-0.29.1 AND php53-ctype RPM is earlier than 0:5.3.17-0.29.1 AND php53-curl RPM is earlier than 0:5.3.17-0.29.1 AND php53-dba RPM is earlier than 0:5.3.17-0.29.1 AND php53-dom RPM is earlier than 0:5.3.17-0.29.1 AND php53-exif RPM is earlier than 0:5.3.17-0.29.1 AND php53-fastcgi RPM is earlier than 0:5.3.17-0.29.1 AND php53-fileinfo RPM is earlier than 0:5.3.17-0.29.1 AND php53-ftp RPM is earlier than 0:5.3.17-0.29.1 AND php53-gd RPM is earlier than 0:5.3.17-0.29.1 AND php53-gettext RPM is earlier than 0:5.3.17-0.29.1 AND php53-gmp RPM is earlier than 0:5.3.17-0.29.1 AND php53-iconv RPM is earlier than 0:5.3.17-0.29.1 AND php53-intl RPM is earlier than 0:5.3.17-0.29.1 AND php53-json RPM is earlier than 0:5.3.17-0.29.1 AND php53-ldap RPM is earlier than 0:5.3.17-0.29.1 AND php53-mbstring RPM is earlier than 0:5.3.17-0.29.1 AND php53-mcrypt RPM is earlier than 0:5.3.17-0.29.1 AND php53-mysql RPM is earlier than 0:5.3.17-0.29.1 AND php53-odbc RPM is earlier than 0:5.3.17-0.29.1 AND php53-openssl RPM is earlier than 0:5.3.17-0.29.1 AND php53-pcntl RPM is earlier than 0:5.3.17-0.29.1 AND php53-pdo RPM is earlier than 0:5.3.17-0.29.1 AND php53-pear RPM is earlier than 0:5.3.17-0.29.1 AND php53-pgsql RPM is earlier than 0:5.3.17-0.29.1 AND php53-pspell RPM is earlier than 0:5.3.17-0.29.1 AND php53-shmop RPM is earlier than 0:5.3.17-0.29.1 AND php53-snmp RPM is earlier than 0:5.3.17-0.29.1 AND php53-soap RPM is earlier than 0:5.3.17-0.29.1 AND php53-suhosin RPM is earlier than 0:5.3.17-0.29.1 AND php53-sysvmsg RPM is earlier than 0:5.3.17-0.29.1 AND php53-sysvsem RPM is earlier than 0:5.3.17-0.29.1 AND php53-sysvshm RPM is earlier than 0:5.3.17-0.29.1 AND php53-tokenizer RPM is earlier than 0:5.3.17-0.29.1 AND php53-wddx RPM is earlier than 0:5.3.17-0.29.1 AND php53-xmlreader RPM is earlier than 0:5.3.17-0.29.1 AND php53-xmlrpc RPM is earlier than 0:5.3.17-0.29.1 AND php53-xmlwriter RPM is earlier than 0:5.3.17-0.29.1 AND php53-xsl RPM is earlier than 0:5.3.17-0.29.1 AND php53-zip RPM is earlier than 0:5.3.17-0.29.1 AND php53-zlib RPM is earlier than 0:5.3.17-0.29.1

Definition Id: oval:org.mitre.oval:def:27096

Oval ID:	oval:org.mitre.oval:def:27096
Title:	USN-2369-1 -- file vulnerability
Description:	file could be made to crash or run programs as your login if it opened a specially crafted file.
Family:	unix	Class:	patch
Reference(s):	USN-2369-1 CVE-2014-3587	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	file
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed AND file DPKG is earlier than 1:5.14-2ubuntu3.2 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND file DPKG is earlier than 0:5.09-2ubuntu0.5 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND file DPKG is earlier than 0:5.03-5ubuntu1.4

Definition Id: oval:org.mitre.oval:def:27171

Oval ID:	oval:org.mitre.oval:def:27171
Title:	RHSA-2014:1326: php53 and php security update (Moderate)
Description:	PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3597 issue was discovered by David KutГЎlek of the Red Hat BaseOS QE. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1326-00 CESA-2014:1326 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 CVE-2014-4698	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6	Product(s):	php53 php
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section php is earlier than 0:5.3.3-27.el6_5.2 AND php-bcmath is earlier than 0:5.3.3-27.el6_5.2 AND php-cli is earlier than 0:5.3.3-27.el6_5.2 AND php-common is earlier than 0:5.3.3-27.el6_5.2 AND php-dba is earlier than 0:5.3.3-27.el6_5.2 AND php-devel is earlier than 0:5.3.3-27.el6_5.2 AND php-embedded is earlier than 0:5.3.3-27.el6_5.2 AND php-enchant is earlier than 0:5.3.3-27.el6_5.2 AND php-fpm is earlier than 0:5.3.3-27.el6_5.2 AND php-gd is earlier than 0:5.3.3-27.el6_5.2 AND php-imap is earlier than 0:5.3.3-27.el6_5.2 AND php-intl is earlier than 0:5.3.3-27.el6_5.2 AND php-ldap is earlier than 0:5.3.3-27.el6_5.2 AND php-mbstring is earlier than 0:5.3.3-27.el6_5.2 AND php-mysql is earlier than 0:5.3.3-27.el6_5.2 AND php-odbc is earlier than 0:5.3.3-27.el6_5.2 AND php-pdo is earlier than 0:5.3.3-27.el6_5.2 AND php-pgsql is earlier than 0:5.3.3-27.el6_5.2 AND php-process is earlier than 0:5.3.3-27.el6_5.2 AND php-pspell is earlier than 0:5.3.3-27.el6_5.2 AND php-recode is earlier than 0:5.3.3-27.el6_5.2 AND php-snmp is earlier than 0:5.3.3-27.el6_5.2 AND php-soap is earlier than 0:5.3.3-27.el6_5.2 AND php-tidy is earlier than 0:5.3.3-27.el6_5.2 AND php-xml is earlier than 0:5.3.3-27.el6_5.2 AND php-xmlrpc is earlier than 0:5.3.3-27.el6_5.2 AND php-zts is earlier than 0:5.3.3-27.el6_5.2 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section php53 is earlier than 0:5.3.3-24.el5 AND php53-bcmath is earlier than 0:5.3.3-24.el5 AND php53-cli is earlier than 0:5.3.3-24.el5 AND php53-common is earlier than 0:5.3.3-24.el5 AND php53-dba is earlier than 0:5.3.3-24.el5 AND php53-devel is earlier than 0:5.3.3-24.el5 AND php53-gd is earlier than 0:5.3.3-24.el5 AND php53-imap is earlier than 0:5.3.3-24.el5 AND php53-intl is earlier than 0:5.3.3-24.el5 AND php53-ldap is earlier than 0:5.3.3-24.el5 AND php53-mbstring is earlier than 0:5.3.3-24.el5 AND php53-mysql is earlier than 0:5.3.3-24.el5 AND php53-odbc is earlier than 0:5.3.3-24.el5 AND php53-pdo is earlier than 0:5.3.3-24.el5 AND php53-pgsql is earlier than 0:5.3.3-24.el5 AND php53-process is earlier than 0:5.3.3-24.el5 AND php53-pspell is earlier than 0:5.3.3-24.el5 AND php53-snmp is earlier than 0:5.3.3-24.el5 AND php53-soap is earlier than 0:5.3.3-24.el5 AND php53-xml is earlier than 0:5.3.3-24.el5 AND php53-xmlrpc is earlier than 0:5.3.3-24.el5

Definition Id: oval:org.mitre.oval:def:27173

Oval ID:	oval:org.mitre.oval:def:27173
Title:	ELSA-2014-1327 -- php security update (moderate)
Description:	[5.4.16-23.1] - gd: fix NULL pointer dereference in gdImageCreateFromXpm(). CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix extensive backtracking in regular expression (incomplete fix for CVE-2013-7345). CVE-2014-3538 - fileinfo: fix mconvert incorrect handling of truncated pascal string size. CVE-2014-3478 - fileinfo: fix cdf_read_property_info (incomplete fix for CVE-2012-1571). CVE-2014-3587 - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 - network: fix segfault in dns_get_record (incomplete fix for CVE-2014-4049). CVE-2014-3597
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1327 CVE-2014-2497 CVE-2014-3478 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120	Version:	3
Platform(s):	Oracle Linux 7	Product(s):	php
Definition Synopsis:
Oracle Linux 7.x Packages match section php is earlier than 0:5.4.16-23.el7_0.1 AND php-bcmath is earlier than 0:5.4.16-23.el7_0.1 AND php-cli is earlier than 0:5.4.16-23.el7_0.1 AND php-common is earlier than 0:5.4.16-23.el7_0.1 AND php-dba is earlier than 0:5.4.16-23.el7_0.1 AND php-devel is earlier than 0:5.4.16-23.el7_0.1 AND php-embedded is earlier than 0:5.4.16-23.el7_0.1 AND php-enchant is earlier than 0:5.4.16-23.el7_0.1 AND php-fpm is earlier than 0:5.4.16-23.el7_0.1 AND php-gd is earlier than 0:5.4.16-23.el7_0.1 AND php-intl is earlier than 0:5.4.16-23.el7_0.1 AND php-ldap is earlier than 0:5.4.16-23.el7_0.1 AND php-mbstring is earlier than 0:5.4.16-23.el7_0.1 AND php-mysql is earlier than 0:5.4.16-23.el7_0.1 AND php-mysqlnd is earlier than 0:5.4.16-23.el7_0.1 AND php-odbc is earlier than 0:5.4.16-23.el7_0.1 AND php-pdo is earlier than 0:5.4.16-23.el7_0.1 AND php-pgsql is earlier than 0:5.4.16-23.el7_0.1 AND php-process is earlier than 0:5.4.16-23.el7_0.1 AND php-pspell is earlier than 0:5.4.16-23.el7_0.1 AND php-recode is earlier than 0:5.4.16-23.el7_0.1 AND php-snmp is earlier than 0:5.4.16-23.el7_0.1 AND php-soap is earlier than 0:5.4.16-23.el7_0.1 AND php-xml is earlier than 0:5.4.16-23.el7_0.1 AND php-xmlrpc is earlier than 0:5.4.16-23.el7_0.1

Definition Id: oval:org.mitre.oval:def:27209

Oval ID:	oval:org.mitre.oval:def:27209
Title:	RHSA-2014:1327: php security update (Moderate)
Description:	PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. (CVE-2014-3478) Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2014-3538) It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat Product Security, the CVE-2014-3538 issue was discovered by Jan KaluЕѕa of the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by David KutГЎlek of the Red Hat BaseOS QE. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1327-00 CESA-2014:1327 CVE-2014-2497 CVE-2014-3478 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120	Version:	3
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	php
Definition Synopsis:
Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section php is earlier than 0:5.4.16-23.el7_0.1 AND php-bcmath is earlier than 0:5.4.16-23.el7_0.1 AND php-cli is earlier than 0:5.4.16-23.el7_0.1 AND php-common is earlier than 0:5.4.16-23.el7_0.1 AND php-dba is earlier than 0:5.4.16-23.el7_0.1 AND php-devel is earlier than 0:5.4.16-23.el7_0.1 AND php-embedded is earlier than 0:5.4.16-23.el7_0.1 AND php-enchant is earlier than 0:5.4.16-23.el7_0.1 AND php-fpm is earlier than 0:5.4.16-23.el7_0.1 AND php-gd is earlier than 0:5.4.16-23.el7_0.1 AND php-intl is earlier than 0:5.4.16-23.el7_0.1 AND php-ldap is earlier than 0:5.4.16-23.el7_0.1 AND php-mbstring is earlier than 0:5.4.16-23.el7_0.1 AND php-mysql is earlier than 0:5.4.16-23.el7_0.1 AND php-mysqlnd is earlier than 0:5.4.16-23.el7_0.1 AND php-odbc is earlier than 0:5.4.16-23.el7_0.1 AND php-pdo is earlier than 0:5.4.16-23.el7_0.1 AND php-pgsql is earlier than 0:5.4.16-23.el7_0.1 AND php-process is earlier than 0:5.4.16-23.el7_0.1 AND php-pspell is earlier than 0:5.4.16-23.el7_0.1 AND php-recode is earlier than 0:5.4.16-23.el7_0.1 AND php-snmp is earlier than 0:5.4.16-23.el7_0.1 AND php-soap is earlier than 0:5.4.16-23.el7_0.1 AND php-xml is earlier than 0:5.4.16-23.el7_0.1 AND php-xmlrpc is earlier than 0:5.4.16-23.el7_0.1

Definition Id: oval:org.mitre.oval:def:27280

Oval ID:	oval:org.mitre.oval:def:27280
Title:	ELSA-2014-1326 -- php53 and php security update (moderate)
Description:	[5.3.3-27.2] - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - fileinfo: fix incomplete fix for CVE-2012-1571 in cdf_read_property_info. CVE-2014-3587 - core: fix incomplete fix for CVE-2014-4049 DNS TXT record parsing. CVE-2014-3597
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1326 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 CVE-2014-4698	Version:	3
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	php53 php
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section php53 is earlier than 0:5.3.3-24.el5 AND php53-bcmath is earlier than 0:5.3.3-24.el5 AND php53-cli is earlier than 0:5.3.3-24.el5 AND php53-common is earlier than 0:5.3.3-24.el5 AND php53-dba is earlier than 0:5.3.3-24.el5 AND php53-devel is earlier than 0:5.3.3-24.el5 AND php53-gd is earlier than 0:5.3.3-24.el5 AND php53-imap is earlier than 0:5.3.3-24.el5 AND php53-intl is earlier than 0:5.3.3-24.el5 AND php53-ldap is earlier than 0:5.3.3-24.el5 AND php53-mbstring is earlier than 0:5.3.3-24.el5 AND php53-mysql is earlier than 0:5.3.3-24.el5 AND php53-odbc is earlier than 0:5.3.3-24.el5 AND php53-pdo is earlier than 0:5.3.3-24.el5 AND php53-pgsql is earlier than 0:5.3.3-24.el5 AND php53-process is earlier than 0:5.3.3-24.el5 AND php53-pspell is earlier than 0:5.3.3-24.el5 AND php53-snmp is earlier than 0:5.3.3-24.el5 AND php53-soap is earlier than 0:5.3.3-24.el5 AND php53-xml is earlier than 0:5.3.3-24.el5 AND php53-xmlrpc is earlier than 0:5.3.3-24.el5 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section php is earlier than 0:5.3.3-27.el6_5.2 AND php-bcmath is earlier than 0:5.3.3-27.el6_5.2 AND php-cli is earlier than 0:5.3.3-27.el6_5.2 AND php-common is earlier than 0:5.3.3-27.el6_5.2 AND php-dba is earlier than 0:5.3.3-27.el6_5.2 AND php-devel is earlier than 0:5.3.3-27.el6_5.2 AND php-embedded is earlier than 0:5.3.3-27.el6_5.2 AND php-enchant is earlier than 0:5.3.3-27.el6_5.2 AND php-fpm is earlier than 0:5.3.3-27.el6_5.2 AND php-gd is earlier than 0:5.3.3-27.el6_5.2 AND php-imap is earlier than 0:5.3.3-27.el6_5.2 AND php-intl is earlier than 0:5.3.3-27.el6_5.2 AND php-ldap is earlier than 0:5.3.3-27.el6_5.2 AND php-mbstring is earlier than 0:5.3.3-27.el6_5.2 AND php-mysql is earlier than 0:5.3.3-27.el6_5.2 AND php-odbc is earlier than 0:5.3.3-27.el6_5.2 AND php-pdo is earlier than 0:5.3.3-27.el6_5.2 AND php-pgsql is earlier than 0:5.3.3-27.el6_5.2 AND php-process is earlier than 0:5.3.3-27.el6_5.2 AND php-pspell is earlier than 0:5.3.3-27.el6_5.2 AND php-recode is earlier than 0:5.3.3-27.el6_5.2 AND php-snmp is earlier than 0:5.3.3-27.el6_5.2 AND php-soap is earlier than 0:5.3.3-27.el6_5.2 AND php-tidy is earlier than 0:5.3.3-27.el6_5.2 AND php-xml is earlier than 0:5.3.3-27.el6_5.2 AND php-xmlrpc is earlier than 0:5.3.3-27.el6_5.2 AND php-zts is earlier than 0:5.3.3-27.el6_5.2

Definition Id: oval:org.mitre.oval:def:27986

Oval ID:	oval:org.mitre.oval:def:27986
Title:	DSA-3021-2 -- file regression update
Description:	Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
Family:	unix	Class:	patch
Reference(s):	DSA-3021-2 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	file
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND file is earlier than 0:5.11-2+deb7u4

Definition Id: oval:org.mitre.oval:def:28064

Oval ID:	oval:org.mitre.oval:def:28064
Title:	DSA-3008-2 -- php5 regression update
Description:	Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family:	unix	Class:	patch
Reference(s):	DSA-3008-2 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	php5
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND php5 is earlier than 0:5.4.4-14+deb7u13

Definition Id: oval:org.mitre.oval:def:29238

Oval ID:	oval:org.mitre.oval:def:29238
Title:	DSA-2422-2 -- file -- missing bounds checks
Description:	The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes.
Family:	unix	Class:	patch
Reference(s):	DSA-2422-2 CVE-2012-1571	Version:	3
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	file
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND file is earlier than 0:5.04-5+squeeze2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Christos Zoulas File cpe:2.3:a:christos_zoulas:file:5.18:::::::* cpe:2.3:a:christos_zoulas:file:5.17:::::::* cpe:2.3:a:christos_zoulas:file:5.16:::::::* cpe:2.3:a:christos_zoulas:file:5.15:::::::* cpe:2.3:a:christos_zoulas:file:5.14:::::::* cpe:2.3:a:christos_zoulas:file:5.13:::::::* cpe:2.3:a:christos_zoulas:file:5.12:::::::* cpe:2.3:a:christos_zoulas:file:5.11:::::::* cpe:2.3:a:christos_zoulas:file:5.10:::::::* cpe:2.3:a:christos_zoulas:file:5.09:::::::* cpe:2.3:a:christos_zoulas:file:5.08:::::::* cpe:2.3:a:christos_zoulas:file:5.07:::::::* cpe:2.3:a:christos_zoulas:file:5.06:::::::* cpe:2.3:a:christos_zoulas:file:5.05:::::::* cpe:2.3:a:christos_zoulas:file:5.04:::::::* cpe:2.3:a:christos_zoulas:file:5.03:::::::* cpe:2.3:a:christos_zoulas:file:5.02:::::::* cpe:2.3:a:christos_zoulas:file:5.01:::::::* cpe:2.3:a:christos_zoulas:file:5.00:::::::* cpe:2.3:a:christos_zoulas:file:4.26:::::::* cpe:2.3:a:christos_zoulas:file:4.25:::::::* cpe:2.3:a:christos_zoulas:file:4.24:::::::* cpe:2.3:a:christos_zoulas:file:4.23:::::::* cpe:2.3:a:christos_zoulas:file:4.21:::::::* cpe:2.3:a:christos_zoulas:file:4.20:::::::* cpe:2.3:a:christos_zoulas:file:4.19:::::::* cpe:2.3:a:christos_zoulas:file:4.17:::::::* cpe:2.3:a:christos_zoulas:file:4.16:::::::* cpe:2.3:a:christos_zoulas:file:4.15:::::::* cpe:2.3:a:christos_zoulas:file:4.14:::::::* cpe:2.3:a:christos_zoulas:file:4.13:::::::* cpe:2.3:a:christos_zoulas:file:4.12:::::::* cpe:2.3:a:christos_zoulas:file:4.11:::::::* cpe:2.3:a:christos_zoulas:file:4.09:::::::* cpe:2.3:a:christos_zoulas:file:4.08:::::::* cpe:2.3:a:christos_zoulas:file:4.07:::::::* cpe:2.3:a:christos_zoulas:file:4.06:::::::* cpe:2.3:a:christos_zoulas:file:4.04:::::::* cpe:2.3:a:christos_zoulas:file:4.03:::::::* cpe:2.3:a:christos_zoulas:file:4.02:::::::* cpe:2.3:a:christos_zoulas:file:4.01:::::::* cpe:2.3:a:christos_zoulas:file:3.41:::::::* cpe:2.3:a:christos_zoulas:file:3.40:::::::* cpe:2.3:a:christos_zoulas:file:3.39:::::::* cpe:2.3:a:christos_zoulas:file:3.38:::::::* cpe:2.3:a:christos_zoulas:file:3.37:::::::* cpe:2.3:a:christos_zoulas:file:3.36:::::::* cpe:2.3:a:christos_zoulas:file:3.34:::::::* cpe:2.3:a:christos_zoulas:file:3.33:::::::* cpe:2.3:a:christos_zoulas:file:3.32:::::::* cpe:2.3:a:christos_zoulas:file:3.31:::::::* cpe:2.3:a:christos_zoulas:file:3.30:::::::* cpe:2.3:a:christos_zoulas:file::::::::	53
Application	Php cpe:2.3:a:php:php:5.5.9:-:::::: cpe:2.3:a:php:php:5.5.9:rc1:::::: cpe:2.3:a:php:php:5.5.8:-:::::: cpe:2.3:a:php:php:5.5.8:rc1:::::: cpe:2.3:a:php:php:5.5.7:-:::::: cpe:2.3:a:php:php:5.5.7:rc1:::::: cpe:2.3:a:php:php:5.5.6:-:::::: cpe:2.3:a:php:php:5.5.6:rc1:::::: cpe:2.3:a:php:php:5.5.5:-:::::: cpe:2.3:a:php:php:5.5.5:rc1:::::: cpe:2.3:a:php:php:5.5.4:-:::::: cpe:2.3:a:php:php:5.5.4:rc1:::::: cpe:2.3:a:php:php:5.5.3:::::::* cpe:2.3:a:php:php:5.5.2:-:::::: cpe:2.3:a:php:php:5.5.2:rc1:::::: cpe:2.3:a:php:php:5.5.15:-:::::: cpe:2.3:a:php:php:5.5.15:rc1:::::: cpe:2.3:a:php:php:5.5.14:-:::::: cpe:2.3:a:php:php:5.5.14:rc1:::::: cpe:2.3:a:php:php:5.5.13:-:::::: cpe:2.3:a:php:php:5.5.13:rc1:::::: cpe:2.3:a:php:php:5.5.12:-:::::: cpe:2.3:a:php:php:5.5.12:rc1:::::: cpe:2.3:a:php:php:5.5.11:-:::::: cpe:2.3:a:php:php:5.5.11:rc1:::::: cpe:2.3:a:php:php:5.5.10:-:::::: cpe:2.3:a:php:php:5.5.10:rc1:::::: cpe:2.3:a:php:php:5.5.1:::::::* cpe:2.3:a:php:php:5.5.0:alpha1:::::: cpe:2.3:a:php:php:5.5.0:beta4:::::: cpe:2.3:a:php:php:5.5.0:alpha6:::::: cpe:2.3:a:php:php:5.5.0:alpha2:::::: cpe:2.3:a:php:php:5.5.0:alpha5:::::: cpe:2.3:a:php:php:5.5.0:beta3:::::: cpe:2.3:a:php:php:5.5.0:beta2:::::: cpe:2.3:a:php:php:5.5.0:rc1:::::: cpe:2.3:a:php:php:5.5.0:alpha4:::::: cpe:2.3:a:php:php:5.5.0:beta1:::::: cpe:2.3:a:php:php:5.5.0:alpha3:::::: cpe:2.3:a:php:php:5.5.0:rc2:::::: cpe:2.3:a:php:php:5.5.0:-:::::: cpe:2.3:a:php:php:5.5.0:rc3:::::: cpe:2.3:a:php:php:5.4.9:-:::::: cpe:2.3:a:php:php:5.4.9:rc1:::::: cpe:2.3:a:php:php:5.4.8:-:::::: cpe:2.3:a:php:php:5.4.8:rc1:::::: cpe:2.3:a:php:php:5.4.7:-:::::: cpe:2.3:a:php:php:5.4.7:rc1:::::: cpe:2.3:a:php:php:5.4.6:-:::::: cpe:2.3:a:php:php:5.4.6:rc1:::::: cpe:2.3:a:php:php:5.4.5:-:::::: cpe:2.3:a:php:php:5.4.5:rc1:::::: cpe:2.3:a:php:php:5.4.45:::::::* cpe:2.3:a:php:php:5.4.44:::::::* cpe:2.3:a:php:php:5.4.43:::::::* cpe:2.3:a:php:php:5.4.42:::::::* cpe:2.3:a:php:php:5.4.41:::::::* cpe:2.3:a:php:php:5.4.40:::::::* cpe:2.3:a:php:php:5.4.4:-:::::: cpe:2.3:a:php:php:5.4.4:rc1:::::: cpe:2.3:a:php:php:5.4.4:rc2:::::: cpe:2.3:a:php:php:5.4.39:::::::* cpe:2.3:a:php:php:5.4.38:::::::* cpe:2.3:a:php:php:5.4.37:::::::* cpe:2.3:a:php:php:5.4.36:::::::* cpe:2.3:a:php:php:5.4.35:::::::* cpe:2.3:a:php:php:5.4.34:::::::* cpe:2.3:a:php:php:5.4.33:-:::::: cpe:2.3:a:php:php:5.4.33:rc1:::::: cpe:2.3:a:php:php:5.4.32:-:::::: cpe:2.3:a:php:php:5.4.32:rc1:::::: cpe:2.3:a:php:php:5.4.31:-:::::: cpe:2.3:a:php:php:5.4.31:rc1:::::: cpe:2.3:a:php:php:5.4.30:-:::::: cpe:2.3:a:php:php:5.4.30:rc1:::::: cpe:2.3:a:php:php:5.4.3:::::::* cpe:2.3:a:php:php:5.4.29:-:::::: cpe:2.3:a:php:php:5.4.29:rc1:::::: cpe:2.3:a:php:php:5.4.28:-:::::: cpe:2.3:a:php:php:5.4.28:rc1:::::: cpe:2.3:a:php:php:5.4.27:-:::::: cpe:2.3:a:php:php:5.4.27:rc1:::::: cpe:2.3:a:php:php:5.4.26:-:::::: cpe:2.3:a:php:php:5.4.26:rc1:::::: cpe:2.3:a:php:php:5.4.25:-:::::: cpe:2.3:a:php:php:5.4.25:rc1:::::: cpe:2.3:a:php:php:5.4.24:-:::::: cpe:2.3:a:php:php:5.4.24:rc1:::::: cpe:2.3:a:php:php:5.4.23:-:::::: cpe:2.3:a:php:php:5.4.23:rc1:::::: cpe:2.3:a:php:php:5.4.22:-:::::: cpe:2.3:a:php:php:5.4.22:rc1:::::: cpe:2.3:a:php:php:5.4.21:-:::::: cpe:2.3:a:php:php:5.4.21:rc1:::::: cpe:2.3:a:php:php:5.4.20:-:::::: cpe:2.3:a:php:php:5.4.20:rc1:::::: cpe:2.3:a:php:php:5.4.2:::::::* cpe:2.3:a:php:php:5.4.19:::::::* cpe:2.3:a:php:php:5.4.18:-:::::: cpe:2.3:a:php:php:5.4.18:rc1:::::: cpe:2.3:a:php:php:5.4.18:rc2:::::: cpe:2.3:a:php:php:5.4.17:-:::::: cpe:2.3:a:php:php:5.4.17:rc1:::::: cpe:2.3:a:php:php:5.4.16:rc1:::::: cpe:2.3:a:php:php:5.4.16:-:::::: cpe:2.3:a:php:php:5.4.15:rc1:::::: cpe:2.3:a:php:php:5.4.15:-:::::: cpe:2.3:a:php:php:5.4.14:rc1:::::: cpe:2.3:a:php:php:5.4.14:-:::::: cpe:2.3:a:php:php:5.4.13:rc1:::::: cpe:2.3:a:php:php:5.4.13:-:::::: cpe:2.3:a:php:php:5.4.12:rc2:::::: cpe:2.3:a:php:php:5.4.12:rc1:::::: cpe:2.3:a:php:php:5.4.12:-:::::: cpe:2.3:a:php:php:5.4.11:-:::::: cpe:2.3:a:php:php:5.4.11:rc1:::::: cpe:2.3:a:php:php:5.4.10:-:::::: cpe:2.3:a:php:php:5.4.10:rc1:::::: cpe:2.3:a:php:php:5.4.1:::::::* cpe:2.3:a:php:php:5.4.1:rc1:::::: cpe:2.3:a:php:php:5.4.1:rc2:::::: cpe:2.3:a:php:php:5.4.0:beta2:::::: cpe:2.3:a:php:php:5.4.0:beta2:32-bit:::::* cpe:2.3:a:php:php:5.4.0:rc2:::::: cpe:2.3:a:php:php:5.4.0:-:::::: cpe:2.3:a:php:php:5.4.0:alpha1:::::: cpe:2.3:a:php:php:5.4.0:alpha2:::::: cpe:2.3:a:php:php:5.4.0:alpha3:::::: cpe:2.3:a:php:php:5.4.0:beta1:::::: cpe:2.3:a:php:php:5.4.0:rc1:::::: cpe:2.3:a:php:php:5.4.0:rc3:::::: cpe:2.3:a:php:php:5.4.0:rc4:::::: cpe:2.3:a:php:php:5.4.0:rc5:::::: cpe:2.3:a:php:php:5.4.0:rc6:::::: cpe:2.3:a:php:php:5.4.0:rc7:::::: cpe:2.3:a:php:php:5.4.0:rc8:::::: cpe:2.3:a:php:php:5.3.9:-:::::: cpe:2.3:a:php:php:5.3.9:rc1:::::: cpe:2.3:a:php:php:5.3.9:rc2:::::: cpe:2.3:a:php:php:5.3.9:rc3:::::: cpe:2.3:a:php:php:5.3.9:rc4:::::: cpe:2.3:a:php:php:5.3.8:::::::* cpe:2.3:a:php:php:5.3.7:-:::::: cpe:2.3:a:php:php:5.3.7:rc1:::::: cpe:2.3:a:php:php:5.3.7:rc2:::::: cpe:2.3:a:php:php:5.3.7:rc3:::::: cpe:2.3:a:php:php:5.3.7:rc4:::::: cpe:2.3:a:php:php:5.3.7:rc5:::::: cpe:2.3:a:php:php:5.3.6:::::::* cpe:2.3:a:php:php:5.3.6:rc1:::::: cpe:2.3:a:php:php:5.3.6:rc2:::::: cpe:2.3:a:php:php:5.3.6:rc3:::::: cpe:2.3:a:php:php:5.3.5:::::::* cpe:2.3:a:php:php:5.3.4:-:::::: cpe:2.3:a:php:php:5.3.4:rc1:::::: cpe:2.3:a:php:php:5.3.4:rc2:::::: cpe:2.3:a:php:php:5.3.3:-:::::: cpe:2.3:a:php:php:5.3.3:rc1:::::: cpe:2.3:a:php:php:5.3.3:rc2:::::: cpe:2.3:a:php:php:5.3.3:rc3:::::: cpe:2.3:a:php:php:5.3.29:-:::::: cpe:2.3:a:php:php:5.3.29:rc1:::::: cpe:2.3:a:php:php:5.3.28:::::::* cpe:2.3:a:php:php:5.3.27:-:::::: cpe:2.3:a:php:php:5.3.27:rc1:::::: cpe:2.3:a:php:php:5.3.26:-:::::: cpe:2.3:a:php:php:5.3.26:rc1:::::: cpe:2.3:a:php:php:5.3.25:-:::::: cpe:2.3:a:php:php:5.3.25:rc1:::::: cpe:2.3:a:php:php:5.3.24:-:::::: cpe:2.3:a:php:php:5.3.24:rc1:::::: cpe:2.3:a:php:php:5.3.23:-:::::: cpe:2.3:a:php:php:5.3.23:rc1:::::: cpe:2.3:a:php:php:5.3.22:-:::::: cpe:2.3:a:php:php:5.3.22:rc1:::::: cpe:2.3:a:php:php:5.3.22:rc2:::::: cpe:2.3:a:php:php:5.3.21:-:::::: cpe:2.3:a:php:php:5.3.21:rc1:::::: cpe:2.3:a:php:php:5.3.20:-:::::: cpe:2.3:a:php:php:5.3.20:rc1:::::: cpe:2.3:a:php:php:5.3.2:-:::::: cpe:2.3:a:php:php:5.3.2:rc1:::::: cpe:2.3:a:php:php:5.3.2:rc2:::::: cpe:2.3:a:php:php:5.3.2:rc3:::::: cpe:2.3:a:php:php:5.3.19:-:::::: cpe:2.3:a:php:php:5.3.19:rc1:::::: cpe:2.3:a:php:php:5.3.18:-:::::: cpe:2.3:a:php:php:5.3.18:rc1:::::: cpe:2.3:a:php:php:5.3.17:::::::* cpe:2.3:a:php:php:5.3.16:::::::* cpe:2.3:a:php:php:5.3.15:-:::::: cpe:2.3:a:php:php:5.3.15:rc1:::::: cpe:2.3:a:php:php:5.3.14:-:::::: cpe:2.3:a:php:php:5.3.14:rc1:::::: cpe:2.3:a:php:php:5.3.14:rc2:::::: cpe:2.3:a:php:php:5.3.13:::::::* cpe:2.3:a:php:php:5.3.12:::::::* cpe:2.3:a:php:php:5.3.11:-:::::: cpe:2.3:a:php:php:5.3.11:rc1:::::: cpe:2.3:a:php:php:5.3.11:rc2:::::: cpe:2.3:a:php:php:5.3.10:::::::* cpe:2.3:a:php:php:5.3.1:-:::::: cpe:2.3:a:php:php:5.3.1:rc1:::::: cpe:2.3:a:php:php:5.3.1:rc2:::::: cpe:2.3:a:php:php:5.3.1:rc3:::::: cpe:2.3:a:php:php:5.3.1:rc4:::::: cpe:2.3:a:php:php:5.3.0:-:::::: cpe:2.3:a:php:php:5.3.0:alpha1:::::: cpe:2.3:a:php:php:5.3.0:alpha2:::::: cpe:2.3:a:php:php:5.3.0:alpha3:::::: cpe:2.3:a:php:php:5.3.0:beta1:::::: cpe:2.3:a:php:php:5.3.0:rc1:::::: cpe:2.3:a:php:php:5.3.0:rc2:::::: cpe:2.3:a:php:php:5.3.0:rc3:::::: cpe:2.3:a:php:php:5.3.0:rc4:::::: cpe:2.3:a:php:php:5.2.9:-:::::: cpe:2.3:a:php:php:5.2.9:rc1:::::: cpe:2.3:a:php:php:5.2.9:rc2:::::: cpe:2.3:a:php:php:5.2.9:rc3:::::: cpe:2.3:a:php:php:5.2.8:::::::* cpe:2.3:a:php:php:5.2.7:-:::::: cpe:2.3:a:php:php:5.2.7:rc1:::::: cpe:2.3:a:php:php:5.2.7:rc2:::::: cpe:2.3:a:php:php:5.2.7:rc3:::::: cpe:2.3:a:php:php:5.2.7:rc4:::::: cpe:2.3:a:php:php:5.2.7:rc5:::::: cpe:2.3:a:php:php:5.2.6:-:::::: cpe:2.3:a:php:php:5.2.6:rc1:::::: cpe:2.3:a:php:php:5.2.6:rc2:::::: cpe:2.3:a:php:php:5.2.6:rc3:::::: cpe:2.3:a:php:php:5.2.6:rc4:::::: cpe:2.3:a:php:php:5.2.6:rc5:::::: cpe:2.3:a:php:php:5.2.5:-:::::: cpe:2.3:a:php:php:5.2.5:rc1:::::: cpe:2.3:a:php:php:5.2.5:rc2:::::: cpe:2.3:a:php:php:5.2.4::windows::::: cpe:2.3:a:php:php:5.2.4:-:::::: cpe:2.3:a:php:php:5.2.4:rc1:::::: cpe:2.3:a:php:php:5.2.4:rc2:::::: cpe:2.3:a:php:php:5.2.4:rc3:::::: cpe:2.3:a:php:php:5.2.3:-:::::: cpe:2.3:a:php:php:5.2.3:rc1:::::: cpe:2.3:a:php:php:5.2.2:-:::::: cpe:2.3:a:php:php:5.2.2:rc1:::::: cpe:2.3:a:php:php:5.2.2:rc2:::::: cpe:2.3:a:php:php:5.2.17:::::::* cpe:2.3:a:php:php:5.2.16:::::::* cpe:2.3:a:php:php:5.2.15:-:::::: cpe:2.3:a:php:php:5.2.15:rc1:::::: cpe:2.3:a:php:php:5.2.15:rc2:::::: cpe:2.3:a:php:php:5.2.14:-:::::: cpe:2.3:a:php:php:5.2.14:rc1:::::: cpe:2.3:a:php:php:5.2.14:rc2:::::: cpe:2.3:a:php:php:5.2.14:rc3:::::: cpe:2.3:a:php:php:5.2.13:-:::::: cpe:2.3:a:php:php:5.2.13:rc1:::::: cpe:2.3:a:php:php:5.2.13:rc2:::::: cpe:2.3:a:php:php:5.2.12:-:::::: cpe:2.3:a:php:php:5.2.12:rc1:::::: cpe:2.3:a:php:php:5.2.12:rc2:::::: cpe:2.3:a:php:php:5.2.12:rc3:::::: cpe:2.3:a:php:php:5.2.12:rc4:::::: cpe:2.3:a:php:php:5.2.11:-:::::: cpe:2.3:a:php:php:5.2.11:rc1:::::: cpe:2.3:a:php:php:5.2.11:rc2:::::: cpe:2.3:a:php:php:5.2.11:rc3:::::: cpe:2.3:a:php:php:5.2.10:-:::::: cpe:2.3:a:php:php:5.2.10:rc1:::::: cpe:2.3:a:php:php:5.2.10:rc2:::::: cpe:2.3:a:php:php:5.2.1:-:::::: cpe:2.3:a:php:php:5.2.1:rc1:::::: cpe:2.3:a:php:php:5.2.1:rc2:::::: cpe:2.3:a:php:php:5.2.1:rc3:::::: cpe:2.3:a:php:php:5.2.1:rc4:::::: cpe:2.3:a:php:php:5.2.0:::::::* cpe:2.3:a:php:php:5.2.0:rc1:::::: cpe:2.3:a:php:php:5.2.0:rc2:::::: cpe:2.3:a:php:php:5.2.0:rc3:::::: cpe:2.3:a:php:php:5.2.0:rc4:::::: cpe:2.3:a:php:php:5.2.0:rc5:::::: cpe:2.3:a:php:php:5.2.0:rc6:::::: cpe:2.3:a:php:php:5.1.6:::::::* cpe:2.3:a:php:php:5.1.5:-:::::: cpe:2.3:a:php:php:5.1.5:rc1:::::: cpe:2.3:a:php:php:5.1.4:::::::* cpe:2.3:a:php:php:5.1.3:::::::* cpe:2.3:a:php:php:5.1.3:rc1:::::: cpe:2.3:a:php:php:5.1.3:rc2:::::: cpe:2.3:a:php:php:5.1.3:rc3:::::: cpe:2.3:a:php:php:5.1.2:-:::::: cpe:2.3:a:php:php:5.1.2:rc1:::::: cpe:2.3:a:php:php:5.1.2:rc2:::::: cpe:2.3:a:php:php:5.1.1:::::::* cpe:2.3:a:php:php:5.1.0:-:::::: cpe:2.3:a:php:php:5.1.0:beta1:::::: cpe:2.3:a:php:php:5.1.0:beta2:::::: cpe:2.3:a:php:php:5.1.0:beta3:::::: cpe:2.3:a:php:php:5.1.0:rc1:::::: cpe:2.3:a:php:php:5.1.0:rc2:::::: cpe:2.3:a:php:php:5.1.0:rc2-pre:::::: cpe:2.3:a:php:php:5.1.0:rc3:::::: cpe:2.3:a:php:php:5.1.0:rc4:::::: cpe:2.3:a:php:php:5.1.0:rc5:::::: cpe:2.3:a:php:php:5.1.0:rc6:::::: cpe:2.3:a:php:php:5.0.5:-:::::: cpe:2.3:a:php:php:5.0.5:rc1:::::: cpe:2.3:a:php:php:5.0.5:rc2:::::: cpe:2.3:a:php:php:5.0.4:-:::::: cpe:2.3:a:php:php:5.0.4:rc1:::::: cpe:2.3:a:php:php:5.0.4:rc2:::::: cpe:2.3:a:php:php:5.0.3:-:::::: cpe:2.3:a:php:php:5.0.3:rc1:::::: cpe:2.3:a:php:php:5.0.3:rc2:::::: cpe:2.3:a:php:php:5.0.2:-:::::: cpe:2.3:a:php:php:5.0.2:rc1:::::: cpe:2.3:a:php:php:5.0.1:-:::::: cpe:2.3:a:php:php:5.0.1:beta1:::::: cpe:2.3:a:php:php:5.0.1:rc1:::::: cpe:2.3:a:php:php:5.0.1:rc2:::::: cpe:2.3:a:php:php:5.0.0:beta3:::::: cpe:2.3:a:php:php:5.0.0:rc3:::::: cpe:2.3:a:php:php:5.0.0:beta1:::::: cpe:2.3:a:php:php:5.0.0:beta4:::::: cpe:2.3:a:php:php:5.0.0:rc1:::::: cpe:2.3:a:php:php:5.0.0:beta2:::::: cpe:2.3:a:php:php:5.0.0:rc2:::::: cpe:2.3:a:php:php:5.0.0:-:::::: cpe:2.3:a:php:php:5.0:rc1:::::: cpe:2.3:a:php:php:5.0:rc3:::::: cpe:2.3:a:php:php:5.0:rc2:::::: cpe:2.3:a:php:php:5:::::::* cpe:2.3:a:php:php:4.4.9:-:::::: cpe:2.3:a:php:php:4.4.9:rc1:::::: cpe:2.3:a:php:php:4.4.8:-:::::: cpe:2.3:a:php:php:4.4.8:rc1:::::: cpe:2.3:a:php:php:4.4.7:-:::::: cpe:2.3:a:php:php:4.4.7:rc1:::::: cpe:2.3:a:php:php:4.4.6:-:::::: cpe:2.3:a:php:php:4.4.6:rc1:::::: cpe:2.3:a:php:php:4.4.5:-:::::: cpe:2.3:a:php:php:4.4.5:rc1:::::: cpe:2.3:a:php:php:4.4.5:rc2:::::: cpe:2.3:a:php:php:4.4.4:-:::::: cpe:2.3:a:php:php:4.4.4:rc1:::::: cpe:2.3:a:php:php:4.4.3:-:::::: cpe:2.3:a:php:php:4.4.3:rc1:::::: cpe:2.3:a:php:php:4.4.3:rc2:::::: cpe:2.3:a:php:php:4.4.2:-:::::: cpe:2.3:a:php:php:4.4.2:rc1:::::: cpe:2.3:a:php:php:4.4.2:rc2:::::: cpe:2.3:a:php:php:4.4.1:-:::::: cpe:2.3:a:php:php:4.4.1:rc1:::::: cpe:2.3:a:php:php:4.4.0:-:::::: cpe:2.3:a:php:php:4.4.0:rc1:::::: cpe:2.3:a:php:php:4.4.0:rc2:::::: cpe:2.3:a:php:php:4.3.9:::::::* cpe:2.3:a:php:php:4.3.9:rc1:::::: cpe:2.3:a:php:php:4.3.9:rc2:::::: cpe:2.3:a:php:php:4.3.9:rc3:::::: cpe:2.3:a:php:php:4.3.8:::::::* cpe:2.3:a:php:php:4.3.7:-:::::: cpe:2.3:a:php:php:4.3.7:rc1:::::: cpe:2.3:a:php:php:4.3.6:-:::::: cpe:2.3:a:php:php:4.3.6:rc1:::::: cpe:2.3:a:php:php:4.3.6:rc2:::::: cpe:2.3:a:php:php:4.3.6:rc3:::::: cpe:2.3:a:php:php:4.3.5:-:::::: cpe:2.3:a:php:php:4.3.5:rc1:::::: cpe:2.3:a:php:php:4.3.5:rc2:::::: cpe:2.3:a:php:php:4.3.5:rc3:::::: cpe:2.3:a:php:php:4.3.5:rc4:::::: cpe:2.3:a:php:php:4.3.4:-:::::: cpe:2.3:a:php:php:4.3.4:rc1:::::: cpe:2.3:a:php:php:4.3.4:rc2:::::: cpe:2.3:a:php:php:4.3.4:rc3:::::: cpe:2.3:a:php:php:4.3.3:-:::::: cpe:2.3:a:php:php:4.3.3:rc1:::::: cpe:2.3:a:php:php:4.3.3:rc2:::::: cpe:2.3:a:php:php:4.3.3:rc3:::::: cpe:2.3:a:php:php:4.3.3:rc4:::::: cpe:2.3:a:php:php:4.3.2:-:::::: cpe:2.3:a:php:php:4.3.2:rc1:::::: cpe:2.3:a:php:php:4.3.2:rc2:::::: cpe:2.3:a:php:php:4.3.2:rc3:::::: cpe:2.3:a:php:php:4.3.2:rc4:::::: cpe:2.3:a:php:php:4.3.11:-:::::: cpe:2.3:a:php:php:4.3.11:rc1:::::: cpe:2.3:a:php:php:4.3.11:rc2:::::: cpe:2.3:a:php:php:4.3.10:-:::::: cpe:2.3:a:php:php:4.3.10:rc1:::::: cpe:2.3:a:php:php:4.3.10:rc2:::::: cpe:2.3:a:php:php:4.3.1:::::::* cpe:2.3:a:php:php:4.3.0:-:::::: cpe:2.3:a:php:php:4.3.0:alpha1:::::: cpe:2.3:a:php:php:4.3.0:alpha2:::::: cpe:2.3:a:php:php:4.3.0:alpha3:::::: cpe:2.3:a:php:php:4.3.0:dev:::::: cpe:2.3:a:php:php:4.3.0:pre1:::::: cpe:2.3:a:php:php:4.3.0:pre2:::::: cpe:2.3:a:php:php:4.3.0:rc1:::::: cpe:2.3:a:php:php:4.3.0:rc2:::::: cpe:2.3:a:php:php:4.3.0:rc3:::::: cpe:2.3:a:php:php:4.3.0:rc4:::::: cpe:2.3:a:php:php:4.2.3:-:::::: cpe:2.3:a:php:php:4.2.3:rc1:::::: cpe:2.3:a:php:php:4.2.3:rc2:::::: cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.2.1:-:::::: cpe:2.3:a:php:php:4.2.1:rc1:::::: cpe:2.3:a:php:php:4.2.1:rc2:::::: cpe:2.3:a:php:php:4.2.0:-:::::: cpe:2.3:a:php:php:4.2.0:rc1:::::: cpe:2.3:a:php:php:4.2.0:rc2:::::: cpe:2.3:a:php:php:4.2.0:rc3:::::: cpe:2.3:a:php:php:4.2.0:rc4:::::: cpe:2.3:a:php:php:4.2::dev::::: cpe:2.3:a:php:php:4.1.2:::::::* cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.1.0:-:::::: cpe:2.3:a:php:php:4.1.0:rc1:::::: cpe:2.3:a:php:php:4.1.0:rc2:::::: cpe:2.3:a:php:php:4.1.0:rc3:::::: cpe:2.3:a:php:php:4.1.0:rc4:::::: cpe:2.3:a:php:php:4.1.0:rc5:::::: cpe:2.3:a:php:php:4.0.7:rc3:::::: cpe:2.3:a:php:php:4.0.7:rc2:::::: cpe:2.3:a:php:php:4.0.7:rc4:::::: cpe:2.3:a:php:php:4.0.7:rc1:::::: cpe:2.3:a:php:php:4.0.7:-:::::: cpe:2.3:a:php:php:4.0.6:-:::::: cpe:2.3:a:php:php:4.0.6:rc1:::::: cpe:2.3:a:php:php:4.0.6:rc2:::::: cpe:2.3:a:php:php:4.0.6:rc3:::::: cpe:2.3:a:php:php:4.0.6:rc4:::::: cpe:2.3:a:php:php:4.0.5:-:::::: cpe:2.3:a:php:php:4.0.5:rc1:::::: cpe:2.3:a:php:php:4.0.5:rc2:::::: cpe:2.3:a:php:php:4.0.5:rc3:::::: cpe:2.3:a:php:php:4.0.5:rc4:::::: cpe:2.3:a:php:php:4.0.5:rc5:::::: cpe:2.3:a:php:php:4.0.5:rc6:::::: cpe:2.3:a:php:php:4.0.5:rc7:::::: cpe:2.3:a:php:php:4.0.5:rc8:::::: cpe:2.3:a:php:php:4.0.4pl1:::::::* cpe:2.3:a:php:php:4.0.4:patch1:::::: cpe:2.3:a:php:php:4.0.4:-:::::: cpe:2.3:a:php:php:4.0.4:rc1:::::: cpe:2.3:a:php:php:4.0.4:rc2:::::: cpe:2.3:a:php:php:4.0.4:rc3:::::: cpe:2.3:a:php:php:4.0.4:rc4:::::: cpe:2.3:a:php:php:4.0.4:rc5:::::: cpe:2.3:a:php:php:4.0.4:rc6:::::: cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.0.3:patch1:::::: cpe:2.3:a:php:php:4.0.3:rc1:::::: cpe:2.3:a:php:php:4.0.3:rc2:::::: cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.0.2:rc1:::::: cpe:2.3:a:php:php:4.0.1:patch2:::::: cpe:2.3:a:php:php:4.0.1:patch1:::::: cpe:2.3:a:php:php:4.0.1:-:::::: cpe:2.3:a:php:php:4.0.1:rc:::::: cpe:2.3:a:php:php:4.0.1:rc2:::::: cpe:2.3:a:php:php:4.0.0:::::::* cpe:2.3:a:php:php:4.0:beta1:::::: cpe:2.3:a:php:php:4.0:beta2:::::: cpe:2.3:a:php:php:4.0:beta3:::::: cpe:2.3:a:php:php:4.0:beta4:::::: cpe:2.3:a:php:php:4.0:beta_4_patch1:::::: cpe:2.3:a:php:php:4.0:rc1:::::: cpe:2.3:a:php:php:4.0:rc2:::::: cpe:2.3:a:php:php:4.0:-:::::: cpe:2.3:a:php:php:4:::::::* cpe:2.3:a:php:php:3.0.9:::::::* cpe:2.3:a:php:php:3.0.8:::::::* cpe:2.3:a:php:php:3.0.7:::::::* cpe:2.3:a:php:php:3.0.6:::::::* cpe:2.3:a:php:php:3.0.5:::::::* cpe:2.3:a:php:php:3.0.4:::::::* cpe:2.3:a:php:php:3.0.3:::::::* cpe:2.3:a:php:php:3.0.2:::::::* cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:3.0.17:::::::* cpe:2.3:a:php:php:3.0.16:::::::* cpe:2.3:a:php:php:3.0.15:::::::* cpe:2.3:a:php:php:3.0.14:::::::* cpe:2.3:a:php:php:3.0.13:::::::* cpe:2.3:a:php:php:3.0.12:::::::* cpe:2.3:a:php:php:3.0.11:::::::* cpe:2.3:a:php:php:3.0.10:::::::* cpe:2.3:a:php:php:3.0.1:::::::* cpe:2.3:a:php:php:3.0:::::::* cpe:2.3:a:php:php:2.0b10:::::::* cpe:2.3:a:php:php:2.0.2:::::::* cpe:2.3:a:php:php:2.0.1:::::::* cpe:2.3:a:php:php:2.0.0:-:::::: cpe:2.3:a:php:php:2.0.0:alpha1:::::: cpe:2.3:a:php:php:2.0.0:alpha2:::::: cpe:2.3:a:php:php:2.0.0:beta1:::::: cpe:2.3:a:php:php:2.0.0:rc1:::::: cpe:2.3:a:php:php:2.0:::::::* cpe:2.3:a:php:php:1.5:::::::* cpe:2.3:a:php:php:1.4:::::::* cpe:2.3:a:php:php:1.3.5:::::::* cpe:2.3:a:php:php:1.3.1:::::::* cpe:2.3:a:php:php:1.3:-:::::: cpe:2.3:a:php:php:1.3:beta2:::::: cpe:2.3:a:php:php:1.3:beta3:::::: cpe:2.3:a:php:php:1.3:beta6:::::: cpe:2.3:a:php:php:1.2.5:::::::* cpe:2.3:a:php:php:1.2.4:::::::* cpe:2.3:a:php:php:1.2.3:::::::* cpe:2.3:a:php:php:1.2.2:::::::* cpe:2.3:a:php:php:1.2.1:::::::* cpe:2.3:a:php:php:1.2.0:::::::* cpe:2.3:a:php:php:1.2:::::::* cpe:2.3:a:php:php:1.1.1:::::::* cpe:2.3:a:php:php:1.1.0:::::::* cpe:2.3:a:php:php:1.1:::::::* cpe:2.3:a:php:php:1.0.4:::::::* cpe:2.3:a:php:php:1.0.3:::::::* cpe:2.3:a:php:php:1.0.2:::::::* cpe:2.3:a:php:php:1.0.1:::::::* cpe:2.3:a:php:php:1.0.0:-:::::: cpe:2.3:a:php:php:1.0.0:rc1:::::: cpe:2.3:a:php:php:1.0:beta1:::::: cpe:2.3:a:php:php:1.0:beta2:::::: cpe:2.3:a:php:php:1.0:beta3:::::: cpe:2.3:a:php:php:1.0:rc1:::::: cpe:2.3:a:php:php:1.0:rc2:::::: cpe:2.3:a:php:php:0.91:::::::* cpe:2.3:a:php:php:0.90:::::::* cpe:2.3:a:php:php:0.9.4:::::::* cpe:2.3:a:php:php:0.9.3:::::::* cpe:2.3:a:php:php:0.9.2:::::::* cpe:2.3:a:php:php:0.9.1:::::::* cpe:2.3:a:php:php:0.9.0:::::::* cpe:2.3:a:php:php:0.9:::::::* cpe:2.3:a:php:php:0.7:::::::* cpe:2.3:a:php:php:0.6:::::::* cpe:2.3:a:php:php:0.5.3:::::::* cpe:2.3:a:php:php:0.5.2:::::::* cpe:2.3:a:php:php:0.5:::::::* cpe:2.3:a:php:php:0.4:::::::* cpe:2.3:a:php:php:0.3:::::::* cpe:2.3:a:php:php:0.2.4:::::::* cpe:2.3:a:php:php:0.2.3:::::::* cpe:2.3:a:php:php:0.2.2:::::::* cpe:2.3:a:php:php:0.2.1:::::::* cpe:2.3:a:php:php:0.2.0:::::::* cpe:2.3:a:php:php:0.2:::::::* cpe:2.3:a:php:php:0.11:::::::* cpe:2.3:a:php:php:0.10:::::::* cpe:2.3:a:php:php:0.1.1:::::::* cpe:2.3:a:php:php:0.1:::::::* cpe:2.3:a:php:php:::::::: cpe:2.3:a:php:php:-:::::::*	557
Application	Tim Robbins Libmagic cpe:2.3:a:tim_robbins:libmagic::::::::	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::	4
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::*	2
Os	Oracle Solaris cpe:2.3:o:oracle:solaris:11.2:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	2
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*	6
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	2
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*	3
Os	Redhat Enterprise Linux Server Tus cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*	4
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	2
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::* cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::* cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*	3
Os	Suse Linux Enterprise Software Development Kit cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::	1

OpenVAS Exploits

Date	Description
2012-09-26	Name : Gentoo Security Advisory GLSA 201209-14 (file) File : nvt/glsa_201209_14.nasl
2012-08-03	Name : Mandriva Update for file MDVSA-2012:035 (file) File : nvt/gb_mandriva_MDVSA_2012_035.nasl
2012-05-31	Name : Debian Security Advisory DSA 2422-2 (file) File : nvt/deb_2422_2.nasl
2012-03-12	Name : Debian Security Advisory DSA 2422-1 (file) File : nvt/deb_2422_1.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-07-03	IAVM : 2014-B-0086 - Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0052897

Snort® IPS/IDS

Date	Description
2016-03-14	PHP fileinfo cdf_read_property_info denial of service attempt RuleID : 36262 - Revision : 3 - Type : SERVER-WEBAPP
2016-03-14	PHP fileinfo cdf_read_property_info denial of service attempt RuleID : 36261 - Revision : 3 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date	Description
2016-10-05	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1156.nasl - Type : ACT_GATHER_INFO
2016-09-19	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2328-1.nasl - Type : ACT_GATHER_INFO
2016-09-08	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2210-1.nasl - Type : ACT_GATHER_INFO
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2016-08-12	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_70140f20600711e6a6c314dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-07-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201607-04.nasl - Type : ACT_GATHER_INFO
2016-06-09	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160510_file_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-06-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2987-1.nasl - Type : ACT_GATHER_INFO
2016-05-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0760.nasl - Type : ACT_GATHER_INFO
2016-05-16	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0050.nasl - Type : ACT_GATHER_INFO
2016-05-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0760.nasl - Type : ACT_GATHER_INFO
2016-05-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0760.nasl - Type : ACT_GATHER_INFO
2016-01-22	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16875.nasl - Type : ACT_GATHER_INFO
2015-12-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151119_file_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-04-09	Name : The remote Debian host is missing a security update. File : debian_DLA-189.nasl - Type : ACT_GATHER_INFO
2015-04-08	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3215.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-153.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-67.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-50.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-27.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-145.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Fedora host is missing a security update. File : fedora_2015-0503.nasl - Type : ACT_GATHER_INFO
2015-01-20	Name : The remote Fedora host is missing a security update. File : fedora_2015-0432.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-415.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-398.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-382.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-372.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-367.nasl - Type : ACT_GATHER_INFO
2014-10-03	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2369-1.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-09-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-09-18	Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-09-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-546.nasl - Type : ACT_GATHER_INFO
2014-09-12	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-172.nasl - Type : ACT_GATHER_INFO
2014-09-12	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-167.nasl - Type : ACT_GATHER_INFO
2014-09-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2344-1.nasl - Type : ACT_GATHER_INFO
2014-09-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3021.nasl - Type : ACT_GATHER_INFO
2014-09-05	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-247-01.nasl - Type : ACT_GATHER_INFO
2014-09-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-9684.nasl - Type : ACT_GATHER_INFO
2014-09-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-9679.nasl - Type : ACT_GATHER_INFO
2014-08-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO
2014-08-27	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_16.nasl - Type : ACT_GATHER_INFO
2014-08-27	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_4_32.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3008.nasl - Type : ACT_GATHER_INFO
2014-08-15	Name : The remote Fedora host is missing a security update. File : fedora_2014-8458.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-149.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-01	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-146.nasl - Type : ACT_GATHER_INFO
2014-07-25	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_15.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-464.nasl - Type : ACT_GATHER_INFO
2014-07-16	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2278-1.nasl - Type : ACT_GATHER_INFO
2014-07-11	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-133.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2276-1.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-131.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-130.nasl - Type : ACT_GATHER_INFO
2014-07-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2974.nasl - Type : ACT_GATHER_INFO
2014-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2014-7782.nasl - Type : ACT_GATHER_INFO
2014-07-06	Name : The remote Fedora host is missing a security update. File : fedora_2014-7992.nasl - Type : ACT_GATHER_INFO
2014-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2014-7765.nasl - Type : ACT_GATHER_INFO
2014-06-27	Name : The remote web server is running a version of PHP that is affected by multipl... File : php_5_5_14.nasl - Type : ACT_GATHER_INFO
2014-06-27	Name : The remote web server is running a version of PHP that is affected by multipl... File : php_5_4_30.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-419.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-221.nasl - Type : ACT_GATHER_INFO
2014-02-27	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2123-1.nasl - Type : ACT_GATHER_INFO
2012-09-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-14.nasl - Type : ACT_GATHER_INFO
2012-03-26	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-035.nasl - Type : ACT_GATHER_INFO
2012-03-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2422.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-10-02 13:27:20	Multiple Updates
2014-09-30 17:22:41	First insertion

Global Informations

Type	Count
CWE ID(s)	7
Oval ID(s)	16
CPE ID(s)	641
Openvas Exploit(s)	4
IAVM(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	81

	Related
6.8	CVE-2014-3597
6.4	CVE-2014-5120
5	CVE-2014-3538
5	CVE-2014-3478
4.6	CVE-2014-4698
4.6	CVE-2014-4670
4.3	CVE-2014-3587
4.3	CVE-2014-2497
4.3	CVE-2012-1571
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 9 more Alert(s)