Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title PHP: Multiple vulnerabilities
Informations
Name GLSA-201408-11 First vendor Publication 2014-08-29
Vendor Gentoo Last vendor Modification 2014-08-29
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Description

Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker can cause arbitrary code execution, create a Denial of Service condition, read or write arbitrary files, impersonate other servers, hijack a web session, or have other unspecified impact. Additionally, a local attacker could gain escalated privileges.

Workaround

There is no known workaround at this time.

Resolution

All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"

All PHP 5.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"

All PHP 5.3 users should upgrade to the latest version. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP
5.4, which are supported till at least 2016 and 2015 respectively.
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"

References

[ 1 ] CVE-2011-4718 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718
[ 2 ] CVE-2013-1635 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635
[ 3 ] CVE-2013-1643 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643
[ 4 ] CVE-2013-1824 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824
[ 5 ] CVE-2013-2110 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110
[ 6 ] CVE-2013-3735 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735
[ 7 ] CVE-2013-4113 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113
[ 8 ] CVE-2013-4248 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248
[ 9 ] CVE-2013-4635 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635
[ 10 ] CVE-2013-4636 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636
[ 11 ] CVE-2013-6420 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420
[ 12 ] CVE-2013-6712 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712
[ 13 ] CVE-2013-7226 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226
[ 14 ] CVE-2013-7327 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327
[ 15 ] CVE-2013-7345 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345
[ 16 ] CVE-2014-0185 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185
[ 17 ] CVE-2014-0237 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237
[ 18 ] CVE-2014-0238 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238
[ 19 ] CVE-2014-1943 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943
[ 20 ] CVE-2014-2270 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270
[ 21 ] CVE-2014-2497 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497
[ 22 ] CVE-2014-3597 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597
[ 23 ] CVE-2014-3981 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981
[ 24 ] CVE-2014-4049 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049
[ 25 ] CVE-2014-4670 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670
[ 26 ] CVE-2014-5120 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201408-11.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201408-11.xml

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
21 % CWE-20 Improper Input Validation
8 % CWE-264 Permissions, Privileges, and Access Controls
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)
4 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
4 % CWE-755 Improper Handling of Exceptional Conditions
4 % CWE-611 Information Leak Through XML External Entity File Disclosure
4 % CWE-476 NULL Pointer Dereference
4 % CWE-399 Resource Management Errors
4 % CWE-269 Improper Privilege Management
4 % CWE-200 Information Exposure
4 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16819
 
Oval ID: oval:org.mitre.oval:def:16819
Title: USN-1872-1 -- PHP vulnerability
Description: PHP could be made to crash or run programs if it received specially crafted input.
Family: unix Class: patch
Reference(s): usn-1872-1
CVE-2013-2110
 Version: 7
Platform(s): Ubuntu 13.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18102
 
Oval ID: oval:org.mitre.oval:def:18102
Title: USN-1761-1 -- php5 vulnerability
Description: PHP could be made to expose sensitive information over the network.
Family: unix Class: patch
Reference(s): USN-1761-1
CVE-2013-1643
 Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 8.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18157
 
Oval ID: oval:org.mitre.oval:def:18157
Title: DSA-2639-1 php5 - several vulnerabilities
Description: Several vulnerabilities have been discovered in PHP, the web scripting language.
Family: unix Class: patch
Reference(s): DSA-2639-1
CVE-2013-1635
CVE-2013-1643
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18424
 
Oval ID: oval:org.mitre.oval:def:18424
Title: USN-1905-1 -- php5 vulnerabilities
Description: Several security issues were fixed in PHP.
Family: unix Class: patch
Reference(s): USN-1905-1
CVE-2013-4113
CVE-2013-4635
 Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18760
 
Oval ID: oval:org.mitre.oval:def:18760
Title: DSA-2742-1 php5 - interpretation conflict
Description: It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be abused for impersonating other users.
Family: unix Class: patch
Reference(s): DSA-2742-1
CVE-2013-4248
 Version: 8
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18927
 
Oval ID: oval:org.mitre.oval:def:18927
Title: USN-1937-1 -- php5 vulnerability
Description: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Family: unix Class: patch
Reference(s): USN-1937-1
CVE-2013-4248
 Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18965
 
Oval ID: oval:org.mitre.oval:def:18965
Title: DSA-2723-1 php5 - heap corruption
Description: It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.
Family: unix Class: patch
Reference(s): DSA-2723-1
CVE-2013-4113
 Version: 8
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20214
 
Oval ID: oval:org.mitre.oval:def:20214
Title: USN-2055-1 -- php5 vulnerabilities
Description: Several security issues were fixed in PHP.
Family: unix Class: patch
Reference(s): USN-2055-1
CVE-2013-6420
CVE-2013-6712
 Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20542
 
Oval ID: oval:org.mitre.oval:def:20542
Title: DSA-2816-1 php5 - several
Description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family: unix Class: patch
Reference(s): DSA-2816-1
CVE-2013-6420
CVE-2013-6712
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20931
 
Oval ID: oval:org.mitre.oval:def:20931
Title: RHSA-2013:1049: php security update (Critical)
Description: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
Family: unix Class: patch
Reference(s): RHSA-2013:1049-00
CESA-2013:1049
CVE-2013-4113
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21035
 
Oval ID: oval:org.mitre.oval:def:21035
Title: RHSA-2013:1050: php53 security update (Critical)
Description: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
Family: unix Class: patch
Reference(s): RHSA-2013:1050-00
CESA-2013:1050
CVE-2013-4113
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21094
 
Oval ID: oval:org.mitre.oval:def:21094
Title: RHSA-2013:1814: php security update (Critical)
Description: The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Family: unix Class: patch
Reference(s): RHSA-2013:1814-00
CESA-2013:1814
CVE-2011-1398
CVE-2012-2688
CVE-2013-1643
CVE-2013-6420
 Version: 61
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21114
 
Oval ID: oval:org.mitre.oval:def:21114
Title: RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
Description: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): RHSA-2013:1307-01
CESA-2013:1307
CVE-2006-7243
CVE-2011-1398
CVE-2012-0831
CVE-2012-2688
CVE-2013-1643
CVE-2013-4248
 Version: 87
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21158
 
Oval ID: oval:org.mitre.oval:def:21158
Title: RHSA-2013:1813: php53 and php security update (Critical)
Description: The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Family: unix Class: patch
Reference(s): RHSA-2013:1813-00
CESA-2013:1813
CVE-2013-6420
 Version: 6
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
 Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22872
 
Oval ID: oval:org.mitre.oval:def:22872
Title: ELSA-2013:1814: php security update (Critical)
Description: The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Family: unix Class: patch
Reference(s): ELSA-2013:1814-00
CVE-2011-1398
CVE-2012-2688
CVE-2013-1643
CVE-2013-6420
 Version: 21
Platform(s): Oracle Linux 5
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23203
 
Oval ID: oval:org.mitre.oval:def:23203
Title: DEPRECATED: ELSA-2013:1813: php53 and php security update (Critical)
Description: The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Family: unix Class: patch
Reference(s): ELSA-2013:1813-00
CVE-2013-6420
 Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23222
 
Oval ID: oval:org.mitre.oval:def:23222
Title: ELSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
Description: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): ELSA-2013:1307-01
CVE-2006-7243
CVE-2011-1398
CVE-2012-0831
CVE-2012-2688
CVE-2013-1643
CVE-2013-4248
 Version: 29
Platform(s): Oracle Linux 5
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23370
 
Oval ID: oval:org.mitre.oval:def:23370
Title: DEPRECATED: ELSA-2013:1049: php security update (Critical)
Description: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
Family: unix Class: patch
Reference(s): ELSA-2013:1049-00
CVE-2013-4113
 Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23414
 
Oval ID: oval:org.mitre.oval:def:23414
Title: ELSA-2013:1050: php53 security update (Critical)
Description: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
Family: unix Class: patch
Reference(s): ELSA-2013:1050-00
CVE-2013-4113
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23670
 
Oval ID: oval:org.mitre.oval:def:23670
Title: DSA-2861-1 file - denial of service
Description: It was discovered that file, a file type classification tool, contains a flaw in the handling of <q>indirect</q> magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files.
Family: unix Class: patch
Reference(s): DSA-2861-1
CVE-2014-1943
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
 Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23706
 
Oval ID: oval:org.mitre.oval:def:23706
Title: DSA-2868-1 php5 - denial of service
Description: It was discovered that file, a file type classification tool, contains a flaw in the handling of <q>indirect</q> magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files.
Family: unix Class: patch
Reference(s): DSA-2868-1
CVE-2014-1943
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23708
 
Oval ID: oval:org.mitre.oval:def:23708
Title: DSA-2873-1 file - several
Description: Several vulnerabilities have been found in file, a file type classification tool.
Family: unix Class: patch
Reference(s): DSA-2873-1
CVE-2014-2270
CVE-2013-7345
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/Linux 7
Debian GNU/kFreeBSD 6.0
Debian GNU/kFreeBSD 7
 Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24044
 
Oval ID: oval:org.mitre.oval:def:24044
Title: USN-2123-1 -- file vulnerabilities
Description: File could be made to crash if it processed a specially crafted file.
Family: unix Class: patch
Reference(s): USN-2123-1
CVE-2012-1571
CVE-2014-1943
 Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24124
 
Oval ID: oval:org.mitre.oval:def:24124
Title: ELSA-2013:1049: php security update (Critical)
Description: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
Family: unix Class: patch
Reference(s): ELSA-2013:1049-00
CVE-2013-4113
 Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24153
 
Oval ID: oval:org.mitre.oval:def:24153
Title: ELSA-2013:1813: php53 and php security update (Critical)
Description: The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Family: unix Class: patch
Reference(s): ELSA-2013:1813-00
CVE-2013-6420
 Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24159
 
Oval ID: oval:org.mitre.oval:def:24159
Title: USN-2254-1 -- php5 vulnerabilities
Description: Several security issues were fixed in PHP.
Family: unix Class: patch
Reference(s): USN-2254-1
CVE-2014-0185
CVE-2014-0237
CVE-2014-0238
CVE-2014-4049
 Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24248
 
Oval ID: oval:org.mitre.oval:def:24248
Title: USN-2163-1 -- php5 vulnerability
Description: PHP could be made to crash if it processed a specially crafted file.
Family: unix Class: patch
Reference(s): USN-2163-1
CVE-2014-2270
 Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24326
 
Oval ID: oval:org.mitre.oval:def:24326
Title: USN-2162-1 -- file vulnerability
Description: File could be made to crash if it processed a specially crafted file.
Family: unix Class: patch
Reference(s): USN-2162-1
CVE-2014-2270
 Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24786
 
Oval ID: oval:org.mitre.oval:def:24786
Title: DSA-2943-1 php5 - security update
Description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family: unix Class: patch
Reference(s): DSA-2943-1
CVE-2014-0185
CVE-2014-0237
CVE-2014-0238
CVE-2014-2270
 Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24930
 
Oval ID: oval:org.mitre.oval:def:24930
Title: USN-2254-2 -- php5 updates
Description: An improvement was made for PHP FPM environments.
Family: unix Class: patch
Reference(s): USN-2254-2
CVE-2014-0185
CVE-2014-0237
CVE-2014-0238
CVE-2014-4049
 Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24951
 
Oval ID: oval:org.mitre.oval:def:24951
Title: DSA-2961-1 php5 - security update
Description: It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
Family: unix Class: patch
Reference(s): DSA-2961-1
CVE-2014-4049
 Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25081
 
Oval ID: oval:org.mitre.oval:def:25081
Title: SUSE-SU-2014:0062-1 -- Security update for PHP5
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0062-1
CVE-2013-6420
CVE-2013-4248
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25162
 
Oval ID: oval:org.mitre.oval:def:25162
Title: SUSE-SU-2014:0670-1 -- Security update for file
Description: The command line tool file(1) and its library libmagic have been updated to fix the following issues: * file(1) crashed when parsing some PE executables. (CVE-2014-2270, bnc#866750) * file(1) did not set return code on non-existing files. (bnc#863450) Security Issue reference: * CVE-2014-2270 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0670-1
CVE-2014-2270
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
 Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25298
 
Oval ID: oval:org.mitre.oval:def:25298
Title: SUSE-SU-2013:1285-1 -- Security update for PHP5
Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1285-1
CVE-2013-4635
CVE-2013-1635
CVE-2013-1643
CVE-2013-4113
 Version: 3
Platform(s): SUSE Linux Enterprise Server 10
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25595
 
Oval ID: oval:org.mitre.oval:def:25595
Title: SUSE-SU-2014:0064-1 -- Security update for PHP5
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0064-1
CVE-2013-6420
CVE-2013-6712
CVE-2013-4248
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25611
 
Oval ID: oval:org.mitre.oval:def:25611
Title: SUSE-SU-2014:0063-1 -- Security update for PHP5
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0063-1
CVE-2013-6420
CVE-2013-6712
CVE-2013-4248
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25747
 
Oval ID: oval:org.mitre.oval:def:25747
Title: SUSE-SU-2013:1316-1 -- Security update for PHP5
Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml Security Issues: * CVE-2013-4113 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113 > * CVE-2013-4635 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1316-1
CVE-2013-4635
CVE-2013-4113
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25802
 
Oval ID: oval:org.mitre.oval:def:25802
Title: SUSE-SU-2013:1317-1 -- Security update for PHP5
Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml Security Issues: * CVE-2013-4635 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635 > * CVE-2013-4113 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113 > * CVE-2013-1635 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635 > * CVE-2013-1643 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1317-1
CVE-2013-4635
CVE-2013-1635
CVE-2013-1643
CVE-2013-4113
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25839
 
Oval ID: oval:org.mitre.oval:def:25839
Title: SUSE-SU-2014:0868-1 -- Security update for PHP5
Description: PHP5 has been updated to fix two security vulnerabilities.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0868-1
CVE-2014-4049
CVE-2014-2497
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25866
 
Oval ID: oval:org.mitre.oval:def:25866
Title: SUSE-SU-2013:1285-2 -- Security update for PHP5
Description: The following security issues have been fixed: * CVE-2013-4635 (bnc#828020): o Integer overflow in SdnToJewish() * CVE-2013-1635 and CVE-2013-1643 (bnc#807707): o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir * CVE-2013-4113 (bnc#829207): o heap corruption due to badly formed xml
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1285-2
CVE-2013-4635
CVE-2013-1635
CVE-2013-1643
CVE-2013-4113
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26232
 
Oval ID: oval:org.mitre.oval:def:26232
Title: SUSE-SU-2014:0873-1 -- Security update for PHP5
Description: PHP5 has been updated to fix four security vulnerabilities.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0873-1
CVE-2014-4049
CVE-2014-2497
CVE-2013-6420
CVE-2013-4248
 Version: 3
Platform(s): SUSE Linux Enterprise Server 10
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26303
 
Oval ID: oval:org.mitre.oval:def:26303
Title: SUSE-SU-2014:0873-2 -- Security update for PHP5
Description: PHP5 has been updated to fix four security vulnerabilities.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0873-2
CVE-2014-4049
CVE-2013-6420
CVE-2013-4248
CVE-2014-2497
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): PHP5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26348
 
Oval ID: oval:org.mitre.oval:def:26348
Title: SUSE-SU-2014:0869-1 -- Security update for php53
Description: hp53 was updated to fix the following security vulnerabilities.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0869-1
CVE-2014-4049
CVE-2014-0238
CVE-2014-0237
CVE-2014-2497
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26428
 
Oval ID: oval:org.mitre.oval:def:26428
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4248
 Version: 4
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26440
 
Oval ID: oval:org.mitre.oval:def:26440
Title: DEPRECATED: ELSA-2013-1813 -- php53 and php security update (critical)
Description: [5.3.3-27] - add security fix for CVE-2013-6420
Family: unix Class: patch
Reference(s): ELSA-2013-1813
CVE-2013-6420
 Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26689
 
Oval ID: oval:org.mitre.oval:def:26689
Title: DSA-3008-1 php5 - security update
Description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family: unix Class: patch
Reference(s): DSA-3008-1
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-4670
CVE-2013-7345
CVE-2014-4049
 Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26714
 
Oval ID: oval:org.mitre.oval:def:26714
Title: DEPRECATED: ELSA-2013-1814 -- php security update (critical)
Description: [5.1.6-43] - drop unneeded patch [5.1.6-42] - add security fixes for CVE-2012-2688, CVE-2011-1398, CVE-2013-1643, CVE-2013-6420
Family: unix Class: patch
Reference(s): ELSA-2013-1814
CVE-2011-1398
CVE-2012-2688
CVE-2013-1643
CVE-2013-6420
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26755
 
Oval ID: oval:org.mitre.oval:def:26755
Title: USN-2344-1 -- php5 vulnerabilities
Description: php5 could be made to crash or run programs if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-2344-1
CVE-2014-3587
CVE-2014-3597
 Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26896
 
Oval ID: oval:org.mitre.oval:def:26896
Title: SUSE-SU-2014:1141-1 -- Security update for php53
Description: This php53 update fixes the following security issues: * Insecure temporary file used for cache data was fixed by switching to a different root only directory /var/cache/php-pear. (CVE-2014-5459) * An incomplete fix for CVE-2014-4049. (CVE-2014-3597) Security Issues: * CVE-2014-5459 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5459> * CVE-2014-4049 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1141-1
CVE-2014-5459
CVE-2014-4049
CVE-2014-3597
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26966
 
Oval ID: oval:org.mitre.oval:def:26966
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3981
 Version: 4
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27044
 
Oval ID: oval:org.mitre.oval:def:27044
Title: RHSA-2013:1615 -- php security, bug fix, and enhancement update (Moderate)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) A flaw was found in PHP&#39;s SSL client&#39;s hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) This update fixes the following bugs: * Previously, when the allow_call_time_pass_reference setting was disabled, a virtual host on the Apache server could terminate with a segmentation fault when attempting to process certain PHP content. This bug has been fixed and virtual hosts no longer crash when allow_call_time_pass_reference is off. (BZ#892158, BZ#910466) * Prior to this update, if an error occurred during the operation of the fclose(), file_put_contents(), or copy() function, the function did not report it. This could have led to data loss. With this update, the aforementioned functions have been modified to properly report any errors. (BZ#947429) * The internal buffer for the SQLSTATE error code can store maximum of 5 characters. Previously, when certain calls exceeded this limit, a buffer overflow occurred. With this update, messages longer than 5 characters are automatically replaced with the default &quot;HY000&quot; string, thus preventing the overflow. (BZ#969110) In addition, this update adds the following enhancement: * This update adds the following rpm macros to the php package: %__php, %php_inidir, %php_incldir. (BZ#953814) Users of php are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2013:1615
CESA-2013:1615
CVE-2006-7243
CVE-2013-1643
CVE-2013-4248
 Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27121
 
Oval ID: oval:org.mitre.oval:def:27121
Title: ELSA-2014-1606 -- file security and bug fix update
Description: [5.04-21] - fix typographical error in changelog [5.04-20] - fix #1037279 - better patch for the bug from previous release [5.04-19] - fix #1037279 - display 'from' field on 32bit ppc core [5.04-18] - fix #664513 - trim white-spaces during ISO9660 detection [5.04-17] - fix CVE-2014-3479 (cdf_check_stream_offset boundary check) - fix CVE-2014-3480 (cdf_count_chain insufficient boundary check) - fix CVE-2014-0237 (cdf_unpack_summary_info() excessive looping DoS) - fix CVE-2014-0238 (CDF property info parsing nelements infinite loop) - fix CVE-2014-2270 (out-of-bounds access in search rules with offsets) - fix CVE-2014-1943 (unrestricted recursion in handling of indirect type rules) - fix CVE-2012-1571 (out of bounds read in CDF parser) [5.04-16] - fix #873997 - improve Minix detection pattern to fix false positives - fix #884396 - improve PBM pattern to fix misdetection with x86 boot sector - fix #980941 - improve Bio-Rad pattern to fix false positives - fix #849621 - tweak strength of XML, Latex and Python patterns to execute them in the proper order - fix #1067771 - detect qcow version 3 images - fix #1064463 - treat RRDTool files as binary files
Family: unix Class: patch
Reference(s): ELSA-2014-1606
CVE-2014-0237
CVE-2014-0238
CVE-2014-3479
CVE-2014-3480
CVE-2012-1571
CVE-2014-1943
CVE-2014-2270
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): file
file-devel
file-libs
file-static
python-magic
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27173
 
Oval ID: oval:org.mitre.oval:def:27173
Title: ELSA-2014-1327 -- php security update (moderate)
Description: [5.4.16-23.1] - gd: fix NULL pointer dereference in gdImageCreateFromXpm(). CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix extensive backtracking in regular expression (incomplete fix for CVE-2013-7345). CVE-2014-3538 - fileinfo: fix mconvert incorrect handling of truncated pascal string size. CVE-2014-3478 - fileinfo: fix cdf_read_property_info (incomplete fix for CVE-2012-1571). CVE-2014-3587 - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 - network: fix segfault in dns_get_record (incomplete fix for CVE-2014-4049). CVE-2014-3597
Family: unix Class: patch
Reference(s): ELSA-2014-1327
CVE-2014-2497
CVE-2014-3478
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120
 Version: 3
Platform(s): Oracle Linux 7
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27197
 
Oval ID: oval:org.mitre.oval:def:27197
Title: ELSA-2014-1012 -- php53 and php security update (moderate)
Description: [5.3.3-27.1] - core: type confusion issue in phpinfo(). CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw. CVE-2014-3515 - fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 - fileinfo: unrestricted recursion in handling of indirect type rules. CVE-2014-1943 - fileinfo: out of bounds read in CDF parser. CVE-2012-1571 - fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 - fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 - fileinfo: cdf_unpack_summary_info() excessive looping DoS. CVE-2014-0237 - fileinfo: CDF property info parsing nelements infinite loop. CVE-2014-0238
Family: unix Class: patch
Reference(s): ELSA-2014-1012
CVE-2014-0237
CVE-2014-0238
CVE-2014-3479
CVE-2014-3480
CVE-2014-3515
CVE-2014-4049
CVE-2014-4721
CVE-2012-1571
CVE-2013-6712
CVE-2014-1943
CVE-2014-2270
 Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27209
 
Oval ID: oval:org.mitre.oval:def:27209
Title: RHSA-2014:1327: php security update (Moderate)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. (CVE-2014-3478) Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2014-3538) It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat Product Security, the CVE-2014-3538 issue was discovered by Jan KaluЕѕa of the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by David KutГЎlek of the Red Hat BaseOS QE. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1327-00
CESA-2014:1327
CVE-2014-2497
CVE-2014-3478
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120
 Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27418
 
Oval ID: oval:org.mitre.oval:def:27418
Title: DEPRECATED: ELSA-2013-1307 -- php53 security, bug fix and enhancement update (moderate)
Description: [5.3.3-21] - add security fix for CVE-2013-4248
Family: unix Class: patch
Reference(s): ELSA-2013-1307
CVE-2011-1398
CVE-2012-0831
CVE-2012-2688
CVE-2006-7243
CVE-2013-1643
CVE-2013-4248
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27441
 
Oval ID: oval:org.mitre.oval:def:27441
Title: DEPRECATED: ELSA-2013-1049 -- php security update (critical)
Description: [5.3.3-23] - add security fix for CVE-2013-4113
Family: unix Class: patch
Reference(s): ELSA-2013-1049
CVE-2013-4113
 Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27442
 
Oval ID: oval:org.mitre.oval:def:27442
Title: ELSA-2013-1615 -- php security, bug fix, and enhancement update (moderate)
Description: [5.3.3-26] - add security fix for CVE-2013-4248 [5.3.3-25] - rename patch to math CVE-2010-3709 name - add security fixes for CVE-2006-7243, CVE-2013-1643 [5.3.3-24] - fix buffer overflow in _pdo_pgsql_error (#969110) - fix double free when destroy_zend_class fails (#910466) - fix segfault in error_handler with allow_call_time_pass_reference = Off (#892158) - fix copy doesn't report failure on partial copy (#947428) - add rpm macros for packagers: %php_inidir, %php_incldir and %__php (#953814)
Family: unix Class: patch
Reference(s): ELSA-2013-1615
CVE-2006-7243
CVE-2013-1643
CVE-2013-4248
 Version: 3
Platform(s): Oracle Linux 6
 Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27533
 
Oval ID: oval:org.mitre.oval:def:27533
Title: DEPRECATED: ELSA-2013-1050 -- php53 security update (critical)
Description: [5.3.3-13.1] - add security fix for CVE-2013-4113
Family: unix Class: patch
Reference(s): ELSA-2013-1050
CVE-2013-4113
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28064
 
Oval ID: oval:org.mitre.oval:def:28064
Title: DSA-3008-2 -- php5 regression update
Description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family: unix Class: patch
Reference(s): DSA-3008-2
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-4670
 Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
 Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29235
 
Oval ID: oval:org.mitre.oval:def:29235
Title: DSA-2873-2 -- file -- several vulnerabilities
Description: Several vulnerabilities have been found in file, a file type classification tool.
Family: unix Class: patch
Reference(s): DSA-2873-2
CVE-2014-2270
CVE-2013-7345
 Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
 Product(s): file
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 49
Application 10
Application 15
Application 573
Os 100
Os 12
Os 3
Os 5
Os 1
Os 2
Os 2
Os 6
Os 2
Os 3
Os 4
Os 2
Os 3
Os 1

ExploitDB Exploits

id Description
2013-12-17 PHP openssl_x509_parse() - Memory Corruption Vulnerability

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-07-03 IAVM : 2014-B-0086 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0052897
2014-05-08 IAVM : 2014-B-0053 - PHP Privilege Escalation Vulnerability
Severity : Category I - VMSKEY : V0050233
2014-02-27 IAVM : 2014-B-0021 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0044541
2014-02-27 IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001
Severity : Category I - VMSKEY : V0044547
2013-09-19 IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373
2013-08-22 IAVM : 2013-B-0093 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0040108

Snort® IPS/IDS

Date Description
2020-01-14 PHP malformed quoted printable denial of service attempt
RuleID : 52454 - Revision : 1 - Type : SERVER-WEBAPP
2019-11-19 PHP tag depth heap memory corruption attempt
RuleID : 51930 - Revision : 1 - Type : SERVER-WEBAPP
2017-09-19 PHP malformed quoted printable denial of service attempt
RuleID : 44001 - Revision : 2 - Type : SERVER-WEBAPP
2016-03-29 PHP libmagic PE out of bounds memory access attempt
RuleID : 38347 - Revision : 1 - Type : FILE-EXECUTABLE
2015-10-20 PHP CDF file handling infinite loop dos attempt
RuleID : 36059 - Revision : 3 - Type : SERVER-WEBAPP
2014-11-16 PHP DNS parsing heap overflow attempt
RuleID : 31460 - Revision : 3 - Type : SERVER-WEBAPP
2014-04-17 PHP DateInterval heap buffer overread denial of service attempt
RuleID : 30200 - Revision : 3 - Type : SERVER-WEBAPP
2014-04-17 PHP DateInterval heap buffer overread denial of service attempt
RuleID : 30199 - Revision : 3 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2017-07-31 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_jsa10804.nasl - Type : ACT_GATHER_INFO
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2016-08-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_70140f20600711e6a6c314dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-07-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201607-04.nasl - Type : ACT_GATHER_INFO
2016-06-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2987-1.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_file_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-10-06 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-636.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15879.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16954.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1316-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0064-1.nasl - Type : ACT_GATHER_INFO
2015-05-15 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15169.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-09 Name : The remote Debian host is missing a security update.
File : debian_DLA-189.nasl - Type : ACT_GATHER_INFO
2015-04-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3215.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-153.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-145.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-27.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-67.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-08.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Fedora host is missing a security update.
File : fedora_2015-0503.nasl - Type : ACT_GATHER_INFO
2015-01-20 Name : The remote Fedora host is missing a security update.
File : fedora_2015-0432.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_php_20140401.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_php_20140522.nasl - Type : ACT_GATHER_INFO
2014-12-02 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15876.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1061.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1062.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1824.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1825.nasl - Type : ACT_GATHER_INFO
2014-11-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3064.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141014_file_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-332.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-333.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-342.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-343.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-361.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-362.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-367.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-372.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-382.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-393.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-415.nasl - Type : ACT_GATHER_INFO
2014-10-08 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_4.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-09-18 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-09-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-546.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-172.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3021.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2344-1.nasl - Type : ACT_GATHER_INFO
2014-09-05 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-247-01.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9679.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9684.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-08.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_32.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_16.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3008.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_29.nasl - Type : ACT_GATHER_INFO
2014-08-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_d2a892b9260511e49da000a0986f28c4.nasl - Type : ACT_GATHER_INFO
2014-08-15 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8458.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-149.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140806_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-146.nasl - Type : ACT_GATHER_INFO
2014-07-25 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_15.nasl - Type : ACT_GATHER_INFO
2014-07-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2278-1.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-192-01.nasl - Type : ACT_GATHER_INFO
2014-07-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-133.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-130.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2276-1.nasl - Type : ACT_GATHER_INFO
2014-07-08 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7782.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7992.nasl - Type : ACT_GATHER_INFO
2014-07-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-140627.nasl - Type : ACT_GATHER_INFO
2014-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7765.nasl - Type : ACT_GATHER_INFO
2014-06-27 Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_4_30.nasl - Type : ACT_GATHER_INFO
2014-06-27 Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_5_14.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-443.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2254-2.nasl - Type : ACT_GATHER_INFO
2014-06-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2254-1.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-6901.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-6904.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2961.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-1032.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-604.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-209.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-255.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-270.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-419.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-115.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-116.nasl - Type : ACT_GATHER_INFO
2014-06-10 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-160-01.nasl - Type : ACT_GATHER_INFO
2014-06-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2943.nasl - Type : ACT_GATHER_INFO
2014-06-03 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_29.nasl - Type : ACT_GATHER_INFO
2014-06-03 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_13.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_file-140331.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-087.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-5984.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-5960.nasl - Type : ACT_GATHER_INFO
2014-05-05 Name : The remote web server uses a version of PHP that is potentially affected by a...
File : php_5_4_28.nasl - Type : ACT_GATHER_INFO
2014-05-05 Name : The remote web server uses a version of PHP that is potentially affected by a...
File : php_5_5_12.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-323.nasl - Type : ACT_GATHER_INFO
2014-04-22 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-111-02.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4735.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4767.nasl - Type : ACT_GATHER_INFO
2014-04-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-075.nasl - Type : ACT_GATHER_INFO
2014-04-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-073.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2162-1.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2163-1.nasl - Type : ACT_GATHER_INFO
2014-03-31 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_7e61a839b71411e38195001966155bea.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-313.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-314.nasl - Type : ACT_GATHER_INFO
2014-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3589.nasl - Type : ACT_GATHER_INFO
2014-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4340.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-304.nasl - Type : ACT_GATHER_INFO
2014-03-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-074-01.nasl - Type : ACT_GATHER_INFO
2014-03-17 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3537.nasl - Type : ACT_GATHER_INFO
2014-03-17 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-059.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201403-03.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-051.nasl - Type : ACT_GATHER_INFO
2014-03-13 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3606.nasl - Type : ACT_GATHER_INFO
2014-03-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2873.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3534.nasl - Type : ACT_GATHER_INFO
2014-03-07 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_4_26.nasl - Type : ACT_GATHER_INFO
2014-03-07 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_5_10.nasl - Type : ACT_GATHER_INFO
2014-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2876.nasl - Type : ACT_GATHER_INFO
2014-03-04 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_815dbcf9a2d611e38088002590860428.nasl - Type : ACT_GATHER_INFO
2014-03-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2126-1.nasl - Type : ACT_GATHER_INFO
2014-03-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2868.nasl - Type : ACT_GATHER_INFO
2014-02-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2123-1.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes a certificate validat...
File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO
2014-02-24 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2739.nasl - Type : ACT_GATHER_INFO
2014-02-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2861.nasl - Type : ACT_GATHER_INFO
2014-02-14 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_5_9.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-027.nasl - Type : ACT_GATHER_INFO
2014-01-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-014.nasl - Type : ACT_GATHER_INFO
2014-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-131220.nasl - Type : ACT_GATHER_INFO
2014-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-131218.nasl - Type : ACT_GATHER_INFO
2014-01-14 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-013-03.nasl - Type : ACT_GATHER_INFO
2014-01-13 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_4_24.nasl - Type : ACT_GATHER_INFO
2014-01-13 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_5_8.nasl - Type : ACT_GATHER_INFO
2013-12-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-262.nasl - Type : ACT_GATHER_INFO
2013-12-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-263.nasl - Type : ACT_GATHER_INFO
2013-12-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-264.nasl - Type : ACT_GATHER_INFO
2013-12-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23164.nasl - Type : ACT_GATHER_INFO
2013-12-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23215.nasl - Type : ACT_GATHER_INFO
2013-12-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_47b4e713651311e3868f0025905a4771.nasl - Type : ACT_GATHER_INFO
2013-12-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2816.nasl - Type : ACT_GATHER_INFO
2013-12-14 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_3_28.nasl - Type : ACT_GATHER_INFO
2013-12-14 Name : The remote web server uses a version of PHP that is potentially affected by a...
File : php_5_4_23.nasl - Type : ACT_GATHER_INFO
2013-12-14 Name : The remote web server uses a version of PHP that is potentially affected by a...
File : php_5_5_7.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote Fedora host is missing a security update.
File : fedora_2013-23208.nasl - Type : ACT_GATHER_INFO
2013-12-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2055-1.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1813.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1814.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1814.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131211_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131211_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1813.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1813.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1814.nasl - Type : ACT_GATHER_INFO
2013-12-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1615.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-03 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-224.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14985.nasl - Type : ACT_GATHER_INFO
2013-09-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1937-1.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-205.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-206.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-211.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-212.nasl - Type : ACT_GATHER_INFO
2013-09-02 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-242-02.nasl - Type : ACT_GATHER_INFO
2013-08-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-221.nasl - Type : ACT_GATHER_INFO
2013-08-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2742.nasl - Type : ACT_GATHER_INFO
2013-08-25 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14998.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_4_18.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_5_2.nasl - Type : ACT_GATHER_INFO
2013-08-14 Name : The remote web server uses a version of PHP that is potentially affected by a...
File : php_5_5_1.nasl - Type : ACT_GATHER_INFO
2013-08-10 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-130718.nasl - Type : ACT_GATHER_INFO
2013-08-10 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-130717.nasl - Type : ACT_GATHER_INFO
2013-08-10 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-130718.nasl - Type : ACT_GATHER_INFO
2013-08-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-8647.nasl - Type : ACT_GATHER_INFO
2013-07-23 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12315.nasl - Type : ACT_GATHER_INFO
2013-07-23 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12354.nasl - Type : ACT_GATHER_INFO
2013-07-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1063.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote Fedora host is missing a security update.
File : fedora_2013-12977.nasl - Type : ACT_GATHER_INFO
2013-07-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2723.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-197-01.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_31b145f2d9d349a9802311cf742205dc.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5def3175f3f94476ba40b46627cc638c.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1905-1.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1049.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1050.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-195.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1049.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1050.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1049.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1050.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130712_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-07-14 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130712_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2013-10206.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10233.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10255.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_3_27.nasl - Type : ACT_GATHER_INFO
2013-06-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1872-1.nasl - Type : ACT_GATHER_INFO
2013-06-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-161-01.nasl - Type : ACT_GATHER_INFO
2013-06-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_59e7163ccf8411e2907b0025905a4770.nasl - Type : ACT_GATHER_INFO
2013-06-07 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_3_26.nasl - Type : ACT_GATHER_INFO
2013-06-07 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_4_16.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote web server uses a version of PHP that is potentially affected by a...
File : php_5_3_23.nasl - Type : ACT_GATHER_INFO
2013-05-24 Name : The remote web server uses a version of PHP that is potentially affected by a...
File : php_5_4_13.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-114.nasl - Type : ACT_GATHER_INFO
2013-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3891.nasl - Type : ACT_GATHER_INFO
2013-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3927.nasl - Type : ACT_GATHER_INFO
2013-03-24 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-081-01.nasl - Type : ACT_GATHER_INFO
2013-03-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1d23109a900511e29602d43d7e0c7c02.nasl - Type : ACT_GATHER_INFO
2013-03-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1761-1.nasl - Type : ACT_GATHER_INFO
2013-03-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2639.nasl - Type : ACT_GATHER_INFO
2013-03-04 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_3_22.nasl - Type : ACT_GATHER_INFO
2013-03-04 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_4_12.nasl - Type : ACT_GATHER_INFO
2013-03-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-016.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-08-31 13:25:14
  • Multiple Updates
2014-08-29 13:22:43
  • First insertion