Test Kennung:	1.3.6.1.4.1.25623.1.0.842844
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for php7.0 USN-3045-1
Zusammenfassung:	The remote host is missing an update for the 'php7.0'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php7.0' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873) It was discovered that PHP incorrectly validated certain Exception objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8876) It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use this issue to perform an XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935) It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093) It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095) It was discovered that the PHP fread() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096) It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114) It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with scripts that honour the HT ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: php7.0 on Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4116 https://www.htbridge.com/advisory/HTB23262 SuSE Security Announcement: openSUSE-SU-2016:1524 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8873 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8876 Common Vulnerability Exposure (CVE) ID: CVE-2015-8935 http://www.openwall.com/lists/oss-security/2016/06/20/3 SuSE Security Announcement: SUSE-SU-2016:2013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5093 BugTraq ID: 90946 http://www.securityfocus.com/bid/90946 Debian Security Information: DSA-3602 (Google Search) http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/26/3 Common Vulnerability Exposure (CVE) ID: CVE-2016-5094 BugTraq ID: 90857 http://www.securityfocus.com/bid/90857 Common Vulnerability Exposure (CVE) ID: CVE-2016-5095 BugTraq ID: 92144 http://www.securityfocus.com/bid/92144 Common Vulnerability Exposure (CVE) ID: CVE-2016-5096 BugTraq ID: 90861 http://www.securityfocus.com/bid/90861 Common Vulnerability Exposure (CVE) ID: CVE-2016-5114 http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine http://www.openwall.com/lists/oss-security/2016/05/29/1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5385 BugTraq ID: 91821 http://www.securityfocus.com/bid/91821 CERT/CC vulnerability note: VU#797896 http://www.kb.cert.org/vuls/id/797896 Debian Security Information: DSA-3631 (Google Search) http://www.debian.org/security/2016/dsa-3631 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/ https://security.gentoo.org/glsa/201611-22 https://httpoxy.org/ RedHat Security Advisories: RHSA-2016:1609 http://rhn.redhat.com/errata/RHSA-2016-1609.html RedHat Security Advisories: RHSA-2016:1610 http://rhn.redhat.com/errata/RHSA-2016-1610.html RedHat Security Advisories: RHSA-2016:1611 http://rhn.redhat.com/errata/RHSA-2016-1611.html RedHat Security Advisories: RHSA-2016:1612 http://rhn.redhat.com/errata/RHSA-2016-1612.html RedHat Security Advisories: RHSA-2016:1613 http://rhn.redhat.com/errata/RHSA-2016-1613.html http://www.securitytracker.com/id/1036335 Common Vulnerability Exposure (CVE) ID: CVE-2016-5399 BugTraq ID: 92051 http://www.securityfocus.com/bid/92051 Bugtraq: 20160721 CVE-2016-5399: php: out-of-bounds write in bzread() (Google Search) http://www.securityfocus.com/archive/1/538966/100/0/threaded https://www.exploit-db.com/exploits/40155/ http://seclists.org/fulldisclosure/2016/Jul/72 http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html http://www.openwall.com/lists/oss-security/2016/07/21/1 RedHat Security Advisories: RHSA-2016:2598 http://rhn.redhat.com/errata/RHSA-2016-2598.html http://www.securitytracker.com/id/1036430 Common Vulnerability Exposure (CVE) ID: CVE-2016-5768 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html BugTraq ID: 91396 http://www.securityfocus.com/bid/91396 Debian Security Information: DSA-3618 (Google Search) http://www.debian.org/security/2016/dsa-3618 http://www.openwall.com/lists/oss-security/2016/06/23/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-5769 BugTraq ID: 91399 http://www.securityfocus.com/bid/91399 Common Vulnerability Exposure (CVE) ID: CVE-2016-5771 BugTraq ID: 91401 http://www.securityfocus.com/bid/91401 Common Vulnerability Exposure (CVE) ID: CVE-2016-5773 BugTraq ID: 91397 http://www.securityfocus.com/bid/91397 Common Vulnerability Exposure (CVE) ID: CVE-2016-5772 BugTraq ID: 91398 http://www.securityfocus.com/bid/91398 Common Vulnerability Exposure (CVE) ID: CVE-2016-6288 BugTraq ID: 92111 http://www.securityfocus.com/bid/92111 http://openwall.com/lists/oss-security/2016/07/24/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-6289 BugTraq ID: 92074 http://www.securityfocus.com/bid/92074 http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities Common Vulnerability Exposure (CVE) ID: CVE-2016-6290 BugTraq ID: 92097 http://www.securityfocus.com/bid/92097 Common Vulnerability Exposure (CVE) ID: CVE-2016-6291 BugTraq ID: 92073 http://www.securityfocus.com/bid/92073 Common Vulnerability Exposure (CVE) ID: CVE-2016-6292 BugTraq ID: 92078 http://www.securityfocus.com/bid/92078 Common Vulnerability Exposure (CVE) ID: CVE-2016-6294 BugTraq ID: 92115 http://www.securityfocus.com/bid/92115 Common Vulnerability Exposure (CVE) ID: CVE-2016-6295 BugTraq ID: 92094 http://www.securityfocus.com/bid/92094 Common Vulnerability Exposure (CVE) ID: CVE-2016-6296 BugTraq ID: 92095 http://www.securityfocus.com/bid/92095 https://lists.debian.org/debian-lts-announce/2019/11/msg00029.html http://www.ubuntu.com/usn/USN-3059-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-6297 BugTraq ID: 92099 http://www.securityfocus.com/bid/92099
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.