Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2015.1253.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2015:1253-1)
Summary:The remote host is missing an update for the 'php5' package(s) announced via the SUSE-SU-2015:1253-1 advisory.
Description:Summary:
The remote host is missing an update for the 'php5' package(s) announced via the SUSE-SU-2015:1253-1 advisory.

Vulnerability Insight:
This security update of PHP fixes the following issues:
Security issues fixed:
* CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS
Vulnerability.
* CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.
* CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that
resulted in a heap overflow.
* CVE-2015-4021 [bnc#931769]: Fixed memory corruption in
phar_parse_tarfile when entry filename starts with NULL.
* CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type
confusion after unserialize() information disclosure.
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization
type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type
confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type
confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()
that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:
Added missing null byte checks for paths in various PHP extensions.
Bugs fixed:
* configure php-fpm with --localstatedir=/var [bnc#927147]
* fix timezone map [bnc#919080]

Affected Software/OS:
'php5' package(s) on SUSE Linux Enterprise Module for Web Scripting 12, SUSE Linux Enterprise Software Development Kit 12.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-3411
BugTraq ID: 75255
http://www.securityfocus.com/bid/75255
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
RedHat Security Advisories: RHSA-2015:1186
http://rhn.redhat.com/errata/RHSA-2015-1186.html
RedHat Security Advisories: RHSA-2015:1187
http://rhn.redhat.com/errata/RHSA-2015-1187.html
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.securitytracker.com/id/1032709
Common Vulnerability Exposure (CVE) ID: CVE-2015-3412
BugTraq ID: 75250
http://www.securityfocus.com/bid/75250
Common Vulnerability Exposure (CVE) ID: CVE-2015-4021
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 74700
http://www.securityfocus.com/bid/74700
Debian Security Information: DSA-3280 (Google Search)
http://www.debian.org/security/2015/dsa-3280
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
https://security.gentoo.org/glsa/201606-10
RedHat Security Advisories: RHSA-2015:1219
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.securitytracker.com/id/1032433
SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4022
BugTraq ID: 74902
http://www.securityfocus.com/bid/74902
Common Vulnerability Exposure (CVE) ID: CVE-2015-4024
BugTraq ID: 74903
http://www.securityfocus.com/bid/74903
http://www.securitytracker.com/id/1032432
Common Vulnerability Exposure (CVE) ID: CVE-2015-4026
BugTraq ID: 75056
http://www.securityfocus.com/bid/75056
http://www.securitytracker.com/id/1032431
Common Vulnerability Exposure (CVE) ID: CVE-2015-4148
BugTraq ID: 75103
http://www.securityfocus.com/bid/75103
http://openwall.com/lists/oss-security/2015/06/01/4
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://www.securitytracker.com/id/1032459
SuSE Security Announcement: openSUSE-SU-2015:1057 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4598
BugTraq ID: 75244
http://www.securityfocus.com/bid/75244
Debian Security Information: DSA-3344 (Google Search)
http://www.debian.org/security/2015/dsa-3344
http://www.openwall.com/lists/oss-security/2015/06/16/12
Common Vulnerability Exposure (CVE) ID: CVE-2015-4599
BugTraq ID: 75251
http://www.securityfocus.com/bid/75251
Common Vulnerability Exposure (CVE) ID: CVE-2015-4600
BugTraq ID: 74413
http://www.securityfocus.com/bid/74413
Common Vulnerability Exposure (CVE) ID: CVE-2015-4601
BugTraq ID: 75246
http://www.securityfocus.com/bid/75246
Common Vulnerability Exposure (CVE) ID: CVE-2015-4602
BugTraq ID: 75249
http://www.securityfocus.com/bid/75249
Common Vulnerability Exposure (CVE) ID: CVE-2015-4603
BugTraq ID: 75252
http://www.securityfocus.com/bid/75252
Common Vulnerability Exposure (CVE) ID: CVE-2015-4643
BugTraq ID: 75291
http://www.securityfocus.com/bid/75291
http://openwall.com/lists/oss-security/2015/06/18/6
Common Vulnerability Exposure (CVE) ID: CVE-2015-4644
BugTraq ID: 75292
http://www.securityfocus.com/bid/75292
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.