Test ID:	1.3.6.1.4.1.25623.1.0.123874
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-1046)
Summary:	The remote host is missing an update for the 'php' package(s) announced via the ELSA-2012-1046 advisory.
Description:	Summary: The remote host is missing an update for the 'php' package(s) announced via the ELSA-2012-1046 advisory. Vulnerability Insight: [5.3.3-14] - add security fix for CVE-2010-2950 [5.3.3-13] - fix tests for CVE-2012-2143, CVE-2012-0789 [5.3.3-12] - add fix for CVE-2012-2336 [5.3.3-11] - add security fixes for CVE-2012-0781, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2386 [5.3.3-9] - correct detection of = in CVE-2012-1823 fix (#818607) [5.3.3-8] - add security fix for CVE-2012-1823 (#818607) [5.3.3-7] - add security fix for CVE-2012-0830 (#786744) [5.3.3-6] - merge Joe's changes: - improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH - add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740732) [5.3.3-5] - remove extra php.ini-prod/devel files caused by %patch -b [5.3.3-4] - add security fixes for CVE-2011-4885, CVE-2011-4566 (#769755) Affected Software/OS: 'php' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2950 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html HPdes Security Advisory: HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 HPdes Security Advisory: SSRT100409 http://www.mandriva.com/security/advisories?name=MDVSA-2010:254 http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2011-4153 Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://www.exploit-db.com/exploits/18370/ HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2 HPdes Security Advisory: SSRT100856 HPdes Security Advisory: SSRT100877 http://cxsecurity.com/research/103 http://secunia.com/advisories/48668 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2012-0057 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com/lists/oss-security/2012/01/13/6 http://openwall.com/lists/oss-security/2012/01/13/7 http://openwall.com/lists/oss-security/2012/01/14/1 http://openwall.com/lists/oss-security/2012/01/14/2 http://openwall.com/lists/oss-security/2012/01/14/3 http://openwall.com/lists/oss-security/2012/01/15/2 http://openwall.com/lists/oss-security/2012/01/15/1 http://openwall.com/lists/oss-security/2012/01/15/10 http://openwall.com/lists/oss-security/2012/01/18/3 XForce ISS Database: php-libxslt-security-bypass(72908) https://exchange.xforce.ibmcloud.com/vulnerabilities/72908 Common Vulnerability Exposure (CVE) ID: CVE-2012-0781 Common Vulnerability Exposure (CVE) ID: CVE-2012-0789 Common Vulnerability Exposure (CVE) ID: CVE-2012-1172 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html Debian Security Information: DSA-2465 (Google Search) http://www.debian.org/security/2012/dsa-2465 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080070.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080041.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080037.html http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ https://bugs.php.net/bug.php?id=48597 https://bugs.php.net/bug.php?id=49683 https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf http://openwall.com/lists/oss-security/2012/03/13/4 SuSE Security Announcement: SUSE-SU-2012:0598 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0604 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2012-2143 Debian Security Information: DSA-2491 (Google Search) http://www.debian.org/security/2012/dsa-2491 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html FreeBSD Security Advisory: FreeBSD-SA-12:02 http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 RedHat Security Advisories: RHSA-2012:1037 http://rhn.redhat.com/errata/RHSA-2012-1037.html http://www.securitytracker.com/id?1026995 http://secunia.com/advisories/49304 http://secunia.com/advisories/50718 SuSE Security Announcement: SUSE-SU-2012:0840 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2012-2336 49014 http://secunia.com/advisories/49014 HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 SSRT100992 SUSE-SU-2012:0721 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html SUSE-SU-2012:0840 http://www.php.net/ChangeLog-5.php#5.4.3 http://www.php.net/archive/2012.php#id2012-05-08-1 https://bugs.php.net/bug.php?id=61910 https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1 Common Vulnerability Exposure (CVE) ID: CVE-2012-2386 APPLE-SA-2012-09-19-2 [oss-security] 20120522 Re: CVE request: PHP Phar - arbitrary code execution http://openwall.com/lists/oss-security/2012/05/22/10 http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=158d8a6b088662ce9d31e0c777c6ebe90efdc854 http://support.apple.com/kb/HT5501 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=61065 https://bugzilla.redhat.com/show_bug.cgi?id=823594
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.