Test ID:	1.3.6.1.4.1.25623.1.0.704552
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4552-1)
Summary:	The remote host is missing an update for the Debian 'php7.0' package(s) announced via the DSA-4552-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php7.0' package(s) announced via the DSA-4552-1 advisory. Vulnerability Insight: Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. For the oldstable distribution (stretch), this problem has been fixed in version 7.0.33-0+deb9u6. We recommend that you upgrade your php7.0 packages. For the detailed security status of php7.0 please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'php7.0' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11043 Bugtraq: 20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (Google Search) https://seclists.org/bugtraq/2020/Jan/44 Debian Security Information: DSA-4552 (Google Search) https://www.debian.org/security/2019/dsa-4552 Debian Security Information: DSA-4553 (Google Search) https://www.debian.org/security/2019/dsa-4553 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/ http://seclists.org/fulldisclosure/2020/Jan/40 http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html https://github.com/neex/phuip-fpizdam RedHat Security Advisories: RHSA-2019:3286 https://access.redhat.com/errata/RHSA-2019:3286 RedHat Security Advisories: RHSA-2019:3287 https://access.redhat.com/errata/RHSA-2019:3287 RedHat Security Advisories: RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299 RedHat Security Advisories: RHSA-2019:3300 https://access.redhat.com/errata/RHSA-2019:3300 RedHat Security Advisories: RHSA-2019:3724 https://access.redhat.com/errata/RHSA-2019:3724 RedHat Security Advisories: RHSA-2019:3735 https://access.redhat.com/errata/RHSA-2019:3735 RedHat Security Advisories: RHSA-2019:3736 https://access.redhat.com/errata/RHSA-2019:3736 RedHat Security Advisories: RHSA-2020:0322 https://access.redhat.com/errata/RHSA-2020:0322 SuSE Security Announcement: openSUSE-SU-2019:2441 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:2457 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html https://usn.ubuntu.com/4166-1/ https://usn.ubuntu.com/4166-2/
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.