Test ID:	1.3.6.1.4.1.25623.1.0.891741
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-1741-1)
Summary:	The remote host is missing an update for the Debian 'php5' package(s) announced via the DLA-1741-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'php5' package(s) announced via the DLA-1741-1 advisory. Vulnerability Insight: Several vulnerabilities have been found in php5, a server-side, HTML-embedded scripting language. CVE-2019-9637 rename() across the device may allow unwanted access during processing. CVE-2019-9638 CVE-2019-9639 Uninitialized read in exif_process_IFD_in_MAKERNOTE. CVE-2019-9640 Invalid Read on exif_process_SOFn. CVE-2019-9641 Uninitialized read in exif_process_IFD_in_TIFF. CVE-2019-9022 An issue during parsing of DNS responses allows a hostile DNS server to misuse memcpy, which leads to a read operation past an allocated buffer. For Debian 8 Jessie, these problems have been fixed in version 5.6.40+dfsg-0+deb8u2. We recommend that you upgrade your php5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'php5' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9022 Debian Security Information: DSA-4398 (Google Search) https://www.debian.org/security/2019/dsa-4398 https://bugs.php.net/bug.php?id=77369 https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html RedHat Security Advisories: RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519 RedHat Security Advisories: RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299 SuSE Security Announcement: openSUSE-SU-2019:1572 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html SuSE Security Announcement: openSUSE-SU-2019:1573 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://usn.ubuntu.com/3902-1/ https://usn.ubuntu.com/3922-2/ https://usn.ubuntu.com/3922-3/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9637 Debian Security Information: DSA-4403 (Google Search) https://www.debian.org/security/2019/dsa-4403 https://bugs.php.net/bug.php?id=77630 SuSE Security Announcement: openSUSE-SU-2019:1293 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html SuSE Security Announcement: openSUSE-SU-2019:1503 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html https://usn.ubuntu.com/3922-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9638 https://bugs.php.net/bug.php?id=77563 Common Vulnerability Exposure (CVE) ID: CVE-2019-9639 https://bugs.php.net/bug.php?id=77659 Common Vulnerability Exposure (CVE) ID: CVE-2019-9640 https://bugs.php.net/bug.php?id=77540 Common Vulnerability Exposure (CVE) ID: CVE-2019-9641 https://bugs.php.net/bug.php?id=77509 SuSE Security Announcement: openSUSE-SU-2019:1256 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.