Test ID:	1.3.6.1.4.1.25623.1.0.71823
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2527-1)
Summary:	The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-2527-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php5' package(s) announced via the DSA-2527-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-2688 A buffer overflow in the scandir() function could lead to denial of service or the execution of arbitrary code. CVE-2012-3450 It was discovered that inconsistent parsing of PDO prepared statements could lead to denial of service. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze14. For the unstable distribution (sid), this problem has been fixed in version 5.4.4-4. We recommend that you upgrade your php5 packages. Affected Software/OS: 'php5' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2688 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 54638 http://www.securityfocus.com/bid/54638 Debian Security Information: DSA-2527 (Google Search) http://www.debian.org/security/2012/dsa-2527 http://www.mandriva.com/security/advisories?name=MDVSA-2012:108 RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html http://www.securitytracker.com/id?1027287 http://secunia.com/advisories/55078 SuSE Security Announcement: SUSE-SU-2012:1033 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html SuSE Security Announcement: SUSE-SU-2012:1034 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2012:0976 (Google Search) https://hermes.opensuse.org/messages/15376003 http://www.ubuntu.com/usn/USN-1569-1 XForce ISS Database: php-phpstreamscandir-unspecified(77155) https://exchange.xforce.ibmcloud.com/vulnerabilities/77155 Common Vulnerability Exposure (CVE) ID: CVE-2012-3450 20120610 [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation http://seclists.org/bugtraq/2012/Jun/60 DSA-2527 MDVSA-2012:108 SUSE-SU-2012:1033 USN-1569-1 [oss-security] 20120802 CVE Request: php5 pdo array overread/crash http://www.openwall.com/lists/oss-security/2012/08/02/3 [oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash http://www.openwall.com/lists/oss-security/2012/08/02/7 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=61755 https://bugzilla.novell.com/show_bug.cgi?id=769785
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.