Detections
Analytics
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6536)
high Nessus Plugin ID 49828
Language:
Synopsis
The remote SuSE 10 host is missing a security-related patch.Description
Multiple issues have been fixed in php5 :- php_openssl_apply_verification_policy() fails to verify certificate. (CVE-2009-3291)
- 'missing sainity checks around exif'. (CVE-2009-3292)
- unspecified vulnerability in the imagecolortransparent(). (CVE-2009-3293)
- denial of service in exif module (CVE-2009-2687) Additionally we fixed :
- xmlparse was broken
- read_exif_data() only returns the first letter of UTF-16 strings
Solution
Apply ZYPP patch number 6536.See Also
http://support.novell.com/security/cve/CVE-2009-2687.html
http://support.novell.com/security/cve/CVE-2009-3291.html
Plugin Details
Severity: High
ID: 49828
File Name: suse_apache2-mod_php5-6536.nasl
Version: 1.7
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/11/2010
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:suse:suse_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 10/6/2009
Reference Information
CVE: CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293
CWE: 20