
Test ID: 1.3.6.1.4.1.25623.1.1.4.2017.1717.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2017:1717-1)
Summary: The remote host is missing an update for the 'php7' package(s) announced via the SUSE-SU-2017:1717-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'php7' package(s) announced via the SUSE-SU-2017:1717-1 advisory.

Vulnerability Insight:
This update for php7 fixes the following security issues:
- CVE-2017-9224: stack out-of-bounds read occurs in match_at() could lead
to Denial of service (bsc#1040891)
- CVE-2017-9226: heap out-of-bounds write or read occurs in
next_state_val() could lead to Denial of service (bsc#1040889)
- CVE-2017-9227: stack out-of-bounds read in mbc_enc_len() could lead to
Denial of service (bsc#1040883)
- CVE-2017-6441: The _zval_get_long_func_ex in Zend/zend_operators.c in
PHP allowed attackers to cause a denial of service (NULL pointer
dereference and application crash) via crafted use of 'declare(ticks='
in a PHP script (bsc#1032155).
- CVE-2016-6294: The locale_accept_from_http function in
ext/intl/locale/locale_methods.c did not properly restrict calls to the
ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers
to cause a denial of service (out-of-bounds read) or possibly have
unspecified other impact via a call with a long argument (bsc#1035111).

Affected Software/OS:
'php7' package(s) on SUSE Linux Enterprise Software Development Kit 12-SP2, SUSE Linux Enterprise Module for Web Scripting 12

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-6294
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
BugTraq ID: 92115
http://www.securityfocus.com/bid/92115
Debian Security Information: DSA-3631
http://www.debian.org/security/2016/dsa-3631
https://security.gentoo.org/glsa/201611-22
http://openwall.com/lists/oss-security/2016/07/24/2
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1036430
Common Vulnerability Exposure (CVE) ID: CVE-2017-6441
https://bugs.php.net/bug.php?id=74146
https://github.com/php/php-src/pull/2396
Common Vulnerability Exposure (CVE) ID: CVE-2017-9224
BugTraq ID: 101244
http://www.securityfocus.com/bid/101244
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
Common Vulnerability Exposure (CVE) ID: CVE-2017-9226
Common Vulnerability Exposure (CVE) ID: CVE-2017-9227
BugTraq ID: 100538
http://www.securityfocus.com/bid/100538
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
