Detections
Analytics

SuSE 11.3 Security Update : php53 (SAT Patch Number 9718)

medium Nessus Plugin ID 77742

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This php53 update fixes the following security issues :

 - Insecure temporary file used for cache data was fixed by switching to a different root only directory /var/cache/php-pear. (CVE-2014-5459)

 - An incomplete fix for CVE-2014-4049. (CVE-2014-3597)

Solution

Apply SAT patch number 9718.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=893849

https://bugzilla.novell.com/show_bug.cgi?id=893853

http://support.novell.com/security/cve/CVE-2014-3597.html

http://support.novell.com/security/cve/CVE-2014-4049.html

http://support.novell.com/security/cve/CVE-2014-5459.html

Plugin Details

Severity: Medium

ID: 77742

File Name: suse_11_apache2-mod_php53-140910.nasl

Version: 1.3

Type: local

Agent: unix

Published: 9/18/2014

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:php53-iconv, p-cpe:/a:novell:suse_linux:11:php53, p-cpe:/a:novell:suse_linux:11:php53-pear, p-cpe:/a:novell:suse_linux:11:php53-zip, p-cpe:/a:novell:suse_linux:11:php53-gettext, p-cpe:/a:novell:suse_linux:11:php53-json, p-cpe:/a:novell:suse_linux:11:php53-mbstring, p-cpe:/a:novell:suse_linux:11:php53-ftp, p-cpe:/a:novell:suse_linux:11:php53-mcrypt, p-cpe:/a:novell:suse_linux:11:php53-pgsql, p-cpe:/a:novell:suse_linux:11:php53-shmop, p-cpe:/a:novell:suse_linux:11:php53-sysvshm, p-cpe:/a:novell:suse_linux:11:php53-wddx, p-cpe:/a:novell:suse_linux:11:php53-soap, p-cpe:/a:novell:suse_linux:11:php53-intl, p-cpe:/a:novell:suse_linux:11:php53-dba, p-cpe:/a:novell:suse_linux:11:php53-suhosin, p-cpe:/a:novell:suse_linux:11:php53-calendar, p-cpe:/a:novell:suse_linux:11:php53-mysql, p-cpe:/a:novell:suse_linux:11:php53-curl, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:php53-xsl, p-cpe:/a:novell:suse_linux:11:php53-gd, p-cpe:/a:novell:suse_linux:11:php53-pcntl, p-cpe:/a:novell:suse_linux:11:php53-gmp, p-cpe:/a:novell:suse_linux:11:php53-openssl, p-cpe:/a:novell:suse_linux:11:php53-zlib, p-cpe:/a:novell:suse_linux:11:php53-tokenizer, p-cpe:/a:novell:suse_linux:11:php53-ldap, p-cpe:/a:novell:suse_linux:11:php53-ctype, p-cpe:/a:novell:suse_linux:11:php53-fastcgi, p-cpe:/a:novell:suse_linux:11:php53-pspell, p-cpe:/a:novell:suse_linux:11:php53-fileinfo, p-cpe:/a:novell:suse_linux:11:php53-sysvsem, p-cpe:/a:novell:suse_linux:11:php53-xmlreader, p-cpe:/a:novell:suse_linux:11:php53-xmlwriter, p-cpe:/a:novell:suse_linux:11:php53-exif, p-cpe:/a:novell:suse_linux:11:apache2-mod_php53, p-cpe:/a:novell:suse_linux:11:php53-pdo, p-cpe:/a:novell:suse_linux:11:php53-odbc, p-cpe:/a:novell:suse_linux:11:php53-dom, p-cpe:/a:novell:suse_linux:11:php53-snmp, p-cpe:/a:novell:suse_linux:11:php53-sysvmsg, p-cpe:/a:novell:suse_linux:11:php53-bcmath, p-cpe:/a:novell:suse_linux:11:php53-xmlrpc, p-cpe:/a:novell:suse_linux:11:php53-bz2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/10/2014

Reference Information

CVE: CVE-2014-3597, CVE-2014-4049, CVE-2014-5459