Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2015.212
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-212-1)
Summary:	The remote host is missing an update for the Debian 'php5' package(s) announced via the DLA-212-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php5' package(s) announced via the DLA-212-1 advisory. Vulnerability Insight: CVE-2014-9705 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. CVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. CVE-2015-2331 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. CVE-2015-2783 Buffer Over-read in unserialize when parsing Phar CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. CVE-2015-3329 Buffer Overflow when parsing tar/zip/phar in phar_set_inode CVE-2015-3330 PHP potential remote code execution with apache 2.4 apache2handler CVE-2015-temp-68819 Denial of service when processing a crafted file with Fileinfo Affected Software/OS: 'php5' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9705 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 73031 http://www.securityfocus.com/bid/73031 Debian Security Information: DSA-3195 (Google Search) http://www.debian.org/security/2015/dsa-3195 https://security.gentoo.org/glsa/201606-10 HPdes Security Advisory: HPSBMU03380 http://marc.info/?l=bugtraq&m=143748090628601&w=2 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 https://www.htbridge.com/advisory/HTB23252 http://openwall.com/lists/oss-security/2015/03/15/6 RedHat Security Advisories: RHSA-2015:1053 http://rhn.redhat.com/errata/RHSA-2015-1053.html RedHat Security Advisories: RHSA-2015:1066 http://rhn.redhat.com/errata/RHSA-2015-1066.html RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.securitytracker.com/id/1031948 SuSE Security Announcement: SUSE-SU-2015:0868 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html SuSE Security Announcement: openSUSE-SU-2015:0644 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html http://www.ubuntu.com/usn/USN-2535-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-0232 BugTraq ID: 72541 http://www.securityfocus.com/bid/72541 https://security.gentoo.org/glsa/201503-03 http://www.mandriva.com/security/advisories?name=MDVSA-2015:032 SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html Common Vulnerability Exposure (CVE) ID: CVE-2015-2301 BugTraq ID: 73037 http://www.securityfocus.com/bid/73037 Debian Security Information: DSA-3198 (Google Search) http://www.debian.org/security/2015/dsa-3198 HPdes Security Advisory: HPSBUX03337 http://marc.info/?l=bugtraq&m=143403519711434&w=2 HPdes Security Advisory: SSRT102066 http://www.securitytracker.com/id/1031949 Common Vulnerability Exposure (CVE) ID: CVE-2015-2331 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154666.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155299.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153983.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154266.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154276.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155622.html http://www.securitytracker.com/id/1031985 SuSE Security Announcement: openSUSE-SU-2015:0615 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00083.html Common Vulnerability Exposure (CVE) ID: CVE-2015-2783 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 74239 http://www.securityfocus.com/bid/74239 Debian Security Information: DSA-3280 (Google Search) http://www.debian.org/security/2015/dsa-3280 RedHat Security Advisories: RHSA-2015:1186 http://rhn.redhat.com/errata/RHSA-2015-1186.html RedHat Security Advisories: RHSA-2015:1187 http://rhn.redhat.com/errata/RHSA-2015-1187.html http://www.securitytracker.com/id/1032146 SuSE Security Announcement: openSUSE-SU-2015:0855 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://www.ubuntu.com/usn/USN-2572-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2787 BugTraq ID: 73431 http://www.securityfocus.com/bid/73431 http://www.securitytracker.com/id/1032485 SuSE Security Announcement: openSUSE-SU-2015:0684 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2015-3329 BugTraq ID: 74240 http://www.securityfocus.com/bid/74240 http://www.securitytracker.com/id/1032145 Common Vulnerability Exposure (CVE) ID: CVE-2015-3330 BugTraq ID: 74204 http://www.securityfocus.com/bid/74204 http://openwall.com/lists/oss-security/2015/04/17/7 http://www.securitytracker.com/id/1033703
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.