SuSE 11.3 Security Update : php53 (SAT Patch Number 10313)

high Nessus Plugin ID 81507

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

PHP 5.3 was updated to fix three security issues :

- Use-after-free vulnerability allowed remote attackers to execute arbitrary code via a crafted unserialize call that leveraged improper handling of duplicate keys within the serialized properties of an object.
(bnc#910659). (CVE-2014-8142)

- Use-after-free vulnerability allowed remote attackers to execute arbitrary code via a crafted unserialize call that leveraged improper handling of duplicate numerical keys within the serialized properties of an object.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. (bnc#910659). (CVE-2015-0231)

- The exif_process_unicode function allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
(bnc#914690). (CVE-2015-0232)

Additionally a fix was included that protects against a possible NULL pointer use. (bnc#910659)

This non-security issue has been fixed :

- Don't ignore default_socket_timeout on outgoing SSL connection (bnc#907519)

Solution

Apply SAT patch number 10313.

Plugin Details

Severity: High

ID: 81507

File Name: suse_11_apache2-mod_php53-150212.nasl

Version: 1.10

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 2/25/2015

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:php53-sysvshm, p-cpe:/a:novell:suse_linux:11:php53-tokenizer, p-cpe:/a:novell:suse_linux:11:php53-wddx, p-cpe:/a:novell:suse_linux:11:php53-xmlreader, p-cpe:/a:novell:suse_linux:11:php53-xmlrpc, p-cpe:/a:novell:suse_linux:11:php53-xmlwriter, p-cpe:/a:novell:suse_linux:11:php53-xsl, p-cpe:/a:novell:suse_linux:11:php53-zip, p-cpe:/a:novell:suse_linux:11:php53-zlib, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:apache2-mod_php53, p-cpe:/a:novell:suse_linux:11:php53, p-cpe:/a:novell:suse_linux:11:php53-bcmath, p-cpe:/a:novell:suse_linux:11:php53-bz2, p-cpe:/a:novell:suse_linux:11:php53-calendar, p-cpe:/a:novell:suse_linux:11:php53-ctype, p-cpe:/a:novell:suse_linux:11:php53-curl, p-cpe:/a:novell:suse_linux:11:php53-dba, p-cpe:/a:novell:suse_linux:11:php53-dom, p-cpe:/a:novell:suse_linux:11:php53-exif, p-cpe:/a:novell:suse_linux:11:php53-fastcgi, p-cpe:/a:novell:suse_linux:11:php53-fileinfo, p-cpe:/a:novell:suse_linux:11:php53-ftp, p-cpe:/a:novell:suse_linux:11:php53-gd, p-cpe:/a:novell:suse_linux:11:php53-gettext, p-cpe:/a:novell:suse_linux:11:php53-gmp, p-cpe:/a:novell:suse_linux:11:php53-iconv, p-cpe:/a:novell:suse_linux:11:php53-intl, p-cpe:/a:novell:suse_linux:11:php53-json, p-cpe:/a:novell:suse_linux:11:php53-ldap, p-cpe:/a:novell:suse_linux:11:php53-mbstring, p-cpe:/a:novell:suse_linux:11:php53-mcrypt, p-cpe:/a:novell:suse_linux:11:php53-mysql, p-cpe:/a:novell:suse_linux:11:php53-odbc, p-cpe:/a:novell:suse_linux:11:php53-openssl, p-cpe:/a:novell:suse_linux:11:php53-pcntl, p-cpe:/a:novell:suse_linux:11:php53-pdo, p-cpe:/a:novell:suse_linux:11:php53-pear, p-cpe:/a:novell:suse_linux:11:php53-pgsql, p-cpe:/a:novell:suse_linux:11:php53-pspell, p-cpe:/a:novell:suse_linux:11:php53-shmop, p-cpe:/a:novell:suse_linux:11:php53-snmp, p-cpe:/a:novell:suse_linux:11:php53-soap, p-cpe:/a:novell:suse_linux:11:php53-suhosin, p-cpe:/a:novell:suse_linux:11:php53-sysvmsg, p-cpe:/a:novell:suse_linux:11:php53-sysvsem

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/12/2015

Reference Information

CVE: CVE-2014-8142, CVE-2015-0231, CVE-2015-0232

Detections

Analytics