Test ID:	1.3.6.1.4.1.25623.1.0.122871
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2015-1186)
Summary:	The remote host is missing an update for the 'php55-php' package(s) announced via the ELSA-2015-1186 advisory.
Description:	Summary: The remote host is missing an update for the 'php55-php' package(s) announced via the ELSA-2015-1186 advisory. Vulnerability Insight: [5.5.21-4] - fix more functions accept paths with NUL character #1213407 [5.5.21-3] - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character CVE-2015-4025, CVE-2015-4026, #1213407 - fileinfo: fix denial of service when processing a crafted file #1213442 - ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022 - phar: fix buffer over-read in metadata parsing CVE-2015-2783 - phar: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3307 - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 - phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021 - pgsql: fix NULL pointer dereference CVE-2015-1352 - soap: fix type confusion through unserialize #1222538 - apache2handler: fix pipelined request executed in deinitialized interpreter under httpd 2.4 CVE-2015-3330 Affected Software/OS: 'php55-php' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2783 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 74239 http://www.securityfocus.com/bid/74239 Debian Security Information: DSA-3280 (Google Search) http://www.debian.org/security/2015/dsa-3280 https://security.gentoo.org/glsa/201606-10 HPdes Security Advisory: HPSBUX03337 http://marc.info/?l=bugtraq&m=143403519711434&w=2 HPdes Security Advisory: SSRT102066 RedHat Security Advisories: RHSA-2015:1066 http://rhn.redhat.com/errata/RHSA-2015-1066.html RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html RedHat Security Advisories: RHSA-2015:1186 http://rhn.redhat.com/errata/RHSA-2015-1186.html RedHat Security Advisories: RHSA-2015:1187 http://rhn.redhat.com/errata/RHSA-2015-1187.html RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.securitytracker.com/id/1032146 SuSE Security Announcement: SUSE-SU-2015:0868 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html SuSE Security Announcement: openSUSE-SU-2015:0855 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://www.ubuntu.com/usn/USN-2572-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-3307 BugTraq ID: 74703 http://www.securityfocus.com/bid/74703 Common Vulnerability Exposure (CVE) ID: CVE-2015-3329 BugTraq ID: 74240 http://www.securityfocus.com/bid/74240 http://www.securitytracker.com/id/1032145 Common Vulnerability Exposure (CVE) ID: CVE-2015-3330 BugTraq ID: 74204 http://www.securityfocus.com/bid/74204 http://openwall.com/lists/oss-security/2015/04/17/7 http://www.securitytracker.com/id/1033703 Common Vulnerability Exposure (CVE) ID: CVE-2015-3411 BugTraq ID: 75255 http://www.securityfocus.com/bid/75255 http://www.securitytracker.com/id/1032709 Common Vulnerability Exposure (CVE) ID: CVE-2015-3412 BugTraq ID: 75250 http://www.securityfocus.com/bid/75250 Common Vulnerability Exposure (CVE) ID: CVE-2015-4021 BugTraq ID: 74700 http://www.securityfocus.com/bid/74700 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html RedHat Security Advisories: RHSA-2015:1219 http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.securitytracker.com/id/1032433 SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4022 BugTraq ID: 74902 http://www.securityfocus.com/bid/74902 Common Vulnerability Exposure (CVE) ID: CVE-2015-4024 BugTraq ID: 74903 http://www.securityfocus.com/bid/74903 http://www.securitytracker.com/id/1032432 Common Vulnerability Exposure (CVE) ID: CVE-2015-4025 BugTraq ID: 74904 http://www.securityfocus.com/bid/74904 http://www.securitytracker.com/id/1032431 Common Vulnerability Exposure (CVE) ID: CVE-2015-4026 BugTraq ID: 75056 http://www.securityfocus.com/bid/75056 Common Vulnerability Exposure (CVE) ID: CVE-2015-4598 BugTraq ID: 75244 http://www.securityfocus.com/bid/75244 Debian Security Information: DSA-3344 (Google Search) http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/06/16/12 Common Vulnerability Exposure (CVE) ID: CVE-2015-4602 BugTraq ID: 75249 http://www.securityfocus.com/bid/75249 Common Vulnerability Exposure (CVE) ID: CVE-2015-4603 BugTraq ID: 75252 http://www.securityfocus.com/bid/75252 Common Vulnerability Exposure (CVE) ID: CVE-2015-4604 BugTraq ID: 75241 http://www.securityfocus.com/bid/75241 Common Vulnerability Exposure (CVE) ID: CVE-2015-4605 BugTraq ID: 75233 http://www.securityfocus.com/bid/75233 Common Vulnerability Exposure (CVE) ID: CVE-2015-4643 BugTraq ID: 75291 http://www.securityfocus.com/bid/75291 http://openwall.com/lists/oss-security/2015/06/18/6 Common Vulnerability Exposure (CVE) ID: CVE-2015-4644 BugTraq ID: 75292 http://www.securityfocus.com/bid/75292
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.