Newest Plugins

IBM WebSphere Portal Multiple Vulnerabilities (PI37356, PI37661)


Synopsis:

The web portal software installed on the remote Windows host is
affected by multiple vulnerabilities.

Description:

The IBM WebSphere Portal installed on the remote host is version
6.1.0.x prior to 6.1.0.6 CF27, 6.1.5.x prior to 6.1.5.3 CF27, 7.0.0.x
prior to 7.0.0.2 CF29, 8.0.0.x prior to 8.0.0.1 CF16, or 8.5.0.0 prior
to 8.5.0.0 CF05. It is, therefore, affected by multiple
vulnerabilities :

- An unspecified flaw exists due to improper validation of
user-supplied input. A remote attacker, using specially
crafted requests, can exploit this to cause a denial of
service by consuming all memory resources. Note that
this only affects hosts in which the 'Remote Document
Conversion Service' is enabled. (CVE-2015-1886, PI37356)

- An unspecified cross-site scripting vulnerability exists
due to improper validation of user-supplied input. A
remote attacker, using a specially crafted URL, can
exploit this to execute code in a victim's web browser
within the security context of the hosted site, possibly
resulting in access to the cookie-based authentication
credentials. (CVE-2015-1908, PI37661)

See also :

https://www-304.ibm.com/support/docview.wss?uid=swg21701566

Solution :

Upgrade IBM WebSphere Portal as noted in the referenced IBM advisory.

- Versions 6.1.0.x should upgrade to 6.1.0.6 CF27 and then
apply interim fixes PI37356 and PI37661.

- Versions 6.1.5.x should upgrade to 6.1.5.3 CF27 and then
apply interim fixes PI37356 and PI37661.

- Versions 7.0.0.x should upgrade to 7.0.0.2 CF29 and then
apply interim fixes PI37356 and PI37661.

- Versions 8.0.0.x should upgrade to 8.0.0.1 CF16.

- Versions 8.5.0.x should upgrade to 8.5.0.0 CF05 and then
apply interim fixes PI37356 and PI37661.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote Cisco device is running a version of Cisco IOS XR software
that is affected by an error due to the improper processing of IPv4
packets routed through the bridge-group virtual interface (BVI)
whenever Unicast Reverse Path Forwarding (uRPF), policy-based routing
(PBR), quality of service (QoS), or access control lists (ACLs) are
enabled. A remote, unauthenticated attacker can exploit this error to
cause the device to lock up, forcing it to eventually reload the
network processor chip and line card that are processing traffic.

Note that this issue only affects Cisco ASR 9000 series devices using
Typhoon-based line cards.

See also :

http://www.nessus.org/u?6dfc693f
http://tools.cisco.com/security/center/viewAlert.x?alertId=38182
https://tools.cisco.com/bugsearch/bug/CSCur62957

Solution :

Apply the relevant patch referenced in Cisco bug ID CSCur62957.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

WordPress < 4.1.2 Multiple Vulnerabilities


Synopsis:

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description:

According to its version number, the WordPress application running
on the remote web server is affected by multiple vulnerabilities :

- An unspecified flaw exists that allows an attacker to
upload arbitrary files with invalid or unsafe names.
Note that this only affects versions 4.1 and higher.
(OSVDB 121085)

- A cross-site scripting vulnerability exists due to
improper validation of user-supplied input. A remote
attacker can exploit this to create a specially crafted
request that executes arbitrary script code in a user's
browser session. (OSVDB 121086)

- A limited cross-site scripting vulnerability exists due
to improper validation of user-supplied input. A remote
attacker can exploit this to create a specially crafted
request that executes arbitrary script code in a user's
browser session. Note that this only affects versions
3.9 and higher. (OSVDB 121087)

- An unspecified SQL injection vulnerability exists in
some plugins.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://wordpress.org/news/2015/04/wordpress-4-1-2/
https://codex.wordpress.org/Version_4.1.2

Solution :

Upgrade to WordPress 4.1.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ubuntu 14.04 / 14.10 / 15.04 : wpa vulnerability (USN-2577-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that wpa_supplicant incorrectly handled SSID
information when creating or updating P2P peer entries. A remote
attacker could use this issue to cause wpa_supplicant to crash,
resulting in a denial of service, expose memory contents, or possibly
execute arbitrary code.

Solution :

Update the affected wpasupplicant package.

Risk factor :

High

Ubuntu 15.04 : usb-creator vulnerability (USN-2576-2)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

USN-2576-1 fixed a vulnerability in usb-creator. This update provides
the corresponding fix for Ubuntu 15.04.

Tavis Ormandy discovered that usb-creator was missing an
authentication check. A local attacker could use this issue to gain
elevated privileges.

Solution :

Update the affected usb-creator-common package.

Risk factor :

High

Ubuntu 12.04 LTS / 14.04 / 14.10 : usb-creator vulnerability (USN-2576-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Tavis Ormandy discovered that usb-creator was missing an
authentication check. A local attacker could use this issue to gain
elevated privileges.

Solution :

Update the affected usb-creator-common package.

Risk factor :

High

SuSE 11.3 Security Update : mutt (SAT Patch Number 10435)


Synopsis:

The remote SuSE 11 host is missing a security update.

Description:

The mutt mail client has been updated to fix a heap-based buffer
overflow in mutt_substrdup(). (CVE-2014-9116)

Additionally, a patch has been added to allow users to override the
'From' address when executing mutt in batch mode.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=905481
https://bugzilla.novell.com/show_bug.cgi?id=907453
http://support.novell.com/security/cve/CVE-2014-9116.html

Solution :

Apply SAT patch number 10435.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

RHEL 6 : qemu-kvm-rhev (RHSA-2015:0868)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated qemu-kvm-rhev packages that fix one security issue and one bug
are now available for Red Hat Enterprise Virtualization.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package
provides the user-space component for running virtual machines using
KVM in environments managed by Red Hat Enterprise Virtualization
Manager.

It was found that the Cirrus blit region checks were insufficient. A
privileged guest user could use this flaw to write outside of
VRAM-allocated buffer boundaries in the host's QEMU process address
space with attacker-provided data. (CVE-2014-8106)

This issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes the following bug :

* Previously, the effective downtime during the last phase of a live
migration would sometimes be much higher than the maximum downtime
specified by 'migration_downtime' in vdsm.conf. This problem has been
corrected. The value of 'migration_downtime' is now honored and the
migration is aborted if the downtime cannot be achieved. (BZ#1142756)

All users of qemu-kvm-rhev are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
After installing this update, shut down all running virtual machines.
Once all virtual machines have shut down, start them again for this
update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-8106.html
http://rhn.redhat.com/errata/RHSA-2015-0868.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3034)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[2.6.32-400.37.4.el6uek]
- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug:
20930553] {CVE-2014-9584}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}
- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
(Andy Lutomirski) [Orabug: 20930519] {CVE-2014-3215}

See also :

https://oss.oracle.com/pipermail/el-errata/2015-April/005021.html
https://oss.oracle.com/pipermail/el-errata/2015-April/005020.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3033)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[2.6.39-400.249.4.el6uek]
- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug:
20930552] {CVE-2014-9584}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}
- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}

See also :

https://oss.oracle.com/pipermail/el-errata/2015-April/005019.html
https://oss.oracle.com/pipermail/el-errata/2015-April/005018.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3032)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[3.8.13-68.1.3.el6uek]
- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug:
20930551] {CVE-2014-9584}
- KEYS: close race between key lookup and freeing (Sasha Levin)
[Orabug: 20930548] {CVE-2014-9529} {CVE-2014-9529}
- mm: memcg: do not allow task about to OOM kill to bypass the limit
(Johannes Weiner) [Orabug: 20930539] {CVE-2014-8171}
- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}
- fs: buffer: move allocation failure loop into the allocator (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}
- mm: memcg: handle non-error OOM situations more gracefully (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}
- mm: memcg: do not trap chargers with full callstack on OOM (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}
- mm: memcg: rework and document OOM waiting and wakeup (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}
- mm: memcg: enable memcg OOM killer only for user faults (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}
- x86: finish user fault error path with fatal signal (Johannes Weiner)
[Orabug: 20930539] {CVE-2014-8171}
- arch: mm: pass userspace fault flag to generic fault handler (Johannes
Weiner) [Orabug: 20930539] {CVE-2014-8171}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
(Stephen Smalley) [Orabug: 20930501] {CVE-2014-3215}

See also :

https://oss.oracle.com/pipermail/el-errata/2015-April/005017.html
https://oss.oracle.com/pipermail/el-errata/2015-April/005016.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Fedora 21 : php-5.6.8-1.fc21 (2015-6407)


Synopsis:

The remote Fedora host is missing a security update.

Description:

16 Apr 2015, **PHP 5.6.8**

Core :

- Fixed bug #66609 (php crashes with __get() and ++
operator in some cases). (Dmitry, Laruence)

- Fixed bug #68021 (get_browser() browser_name_regex
returns non-utf-8 characters). (Tjerk)

- Fixed bug #68917 (parse_url fails on some partial
urls). (Wei Dai)

- Fixed bug #69134 (Per Directory Values overrides
PHP_INI_SYSTEM configuration options). (Anatol Belski)

- Additional fix for bug #69152 (Type confusion
vulnerability in exception::getTraceAsString). (Stas)

- Fixed bug #69210 (serialize function return corrupted
data when sleep has non-string values). (Juan Basso)

- Fixed bug #69212 (Leaking VIA_HANDLER func when
exception thrown in __call/... arg passing). (Nikita)

- Fixed bug #69221 (Segmentation fault when using a
generator in combination with an Iterator). (Nikita)

- Fixed bug #69337 (php_stream_url_wrap_http_ex()
type-confusion vulnerability). (Stas)

- Fixed bug #69353 (Missing null byte checks for paths
in various PHP extensions). (Stas)

Apache2handler :

- Fixed bug #69218 (potential remote code execution with
apache 2.4 apache2handler). (Gerrit Venema)

cURL :

- Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)

- Fixed bug #68739 (Missing break / control flow).
(Laruence)

- Fixed bug #69316 (Use-after-free in php_curl related
to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

Date :

- Fixed bug #69336 (Issues with 'last day of
'). (Derick Rethans)

Enchant :

- Fixed bug #65406 (Enchant broker plugins are in the
wrong place in windows builds). (Anatol)

Ereg :

- Fixed bug #68740 (NULL pointer Dereference). (Laruence)

Fileinfo :

- Fixed bug #68819 (Fileinfo on specific file causes
spurious OOM and/or segfault). (Anatol Belski)

Filter :

- Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored
unless other flags are used). (Jeff Welch)

- Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip
ASCII 127). (Jeff Welch)

OPCache :

- Fixed bug #69297 (function_exists strange behavior with
OPCache on disabled function). (Laruence)

- Fixed bug #69281 (opcache_is_script_cached no longer
works). (danack)

- Fixed bug #68677 (Use After Free). (CVE-2015-1351)
(Laruence)

OpenSSL :

- Fixed bugs #68853, #65137 (Buffered crypto stream data
breaks IO polling in stream_select() contexts) (Chris
Wright)

- Fixed bug #69197 (openssl_pkcs7_sign handles default
value incorrectly) (Daniel Lowrey)

- Fixed bug #69215 (Crypto servers should send client CA
list) (Daniel Lowrey)

- Add a check for RAND_egd to allow compiling against
LibreSSL (Leigh)

Phar :

- Fixed bug #64343 (PharData::extractTo fails for tarball
created by BSD tar). (Mike)

- Fixed bug #64931 (phar_add_file is too restrictive on
filename). (Mike)

- Fixed bug #65467 (Call to undefined method
cli_arg_typ_string). (Mike)

- Fixed bug #67761 (Phar::mapPhar fails for Phars inside
a path containing '.tar'). (Mike)

- Fixed bug #69324 (Buffer Over-read in unserialize when
parsing Phar). (Stas)

- Fixed bug #69441 (Buffer Overflow when parsing
tar/zip/phar in phar_set_inode). (Stas)

Postgres :

- Fixed bug #68741 (NULL pointer dereference).
(CVE-2015-1352) (Laruence)

SPL :

- Fixed bug #69227 (Use after free in zval_scan caused by
spl_object_storage_get_gc). (adam dot scarr at 99designs
dot com)

SOAP :

- Fixed bug #69293 (NEW segfault when using
SoapClient::__setSoapHeader (bisected, regression)).
(Laruence)

Sqlite3 :

- Fixed bug #68760 (SQLITE segfaults if custom collator
throws an exception). (Dan Ackroyd)

- Fixed bug #69287 (Upgrade bundled libsqlite to
3.8.8.3). (Anatol)

- Fixed bug #66550 (SQLite prepared statement
use-after-free). (Sean Heelan)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1185900
https://bugzilla.redhat.com/show_bug.cgi?id=1185904
https://bugzilla.redhat.com/show_bug.cgi?id=1213407
https://bugzilla.redhat.com/show_bug.cgi?id=1213411
https://bugzilla.redhat.com/show_bug.cgi?id=1213416
https://bugzilla.redhat.com/show_bug.cgi?id=1213442
https://bugzilla.redhat.com/show_bug.cgi?id=1213446
http://www.nessus.org/u?7e19a0be

Solution :

Update the affected php package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Fedora 22 : ruby-2.2.2-11.fc22 (2015-6238)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes CVE-2015-1855 ruby: OpenSSL extension hostname matching
implementation violates RFC 6125

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1209982
http://www.nessus.org/u?a650d63a

Solution :

Update the affected ruby package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Fedora 22 : spatialite-tools-4.2.0-10.fc22 / sqlite-3.8.9-1.fc22 (2015-6157)


Synopsis:

The remote Fedora host is missing one or more security updates.

Description:

Update of sqlite to latest upstream version, with spatialite-tools
rebuild.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1212353
https://bugzilla.redhat.com/show_bug.cgi?id=1212356
https://bugzilla.redhat.com/show_bug.cgi?id=1212357
http://www.nessus.org/u?a2627c86
http://www.nessus.org/u?dad8b27d

Solution :

Update the affected spatialite-tools and / or sqlite packages.

Risk factor :

High

Fedora 22 : qt-4.8.6-28.fc22 (2015-6123)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Security fix for CVE-2015-1859, CVE-2015-1858, CVE-2015-1860

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1210673
https://bugzilla.redhat.com/show_bug.cgi?id=1210674
https://bugzilla.redhat.com/show_bug.cgi?id=1210675
http://www.nessus.org/u?61027dbb

Solution :

Update the affected qt package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Fedora 22 : kernel-4.0.0-1.fc22 (2015-6100)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to latest upstream release, Linux v4.0

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1196266
https://bugzilla.redhat.com/show_bug.cgi?id=1203712
http://www.nessus.org/u?db7bb4ee

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Fedora 20 : lcms-1.19-13.fc20 (2015-1648)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- apply patch for CVE-2013-4276

- apply patch for 'Use of uninitialized values on 64 bit
machines.'

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=992975
http://www.nessus.org/u?3076aaa8

Solution :

Update the affected lcms package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

F5 Networks BIG-IP : NTP vulnerability (SOL16505)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The symmetric-key feature in the receive function in ntp_proto.c in
ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC
field has a nonzero length, which makes it easier for
man-in-the-middle attackers to spoof packets by omitting the MAC.

See also :

http://www.nessus.org/u?26a67163

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL16505.

Risk factor :

Low / CVSS Base Score : 1.8
(CVSS2#AV:A/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 1.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

F5 Networks BIG-IP : Linux kernel vulnerability (SOL16477)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The DNS resolution functionality in the CIFS implementation in the
Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled,
relies on a user's keyring for the dns_resolver upcall in the
cifs.upcall userspace helper, which allows local users to spoof the
results of DNS queries and perform arbitrary CIFS mounts via vectors
involving an add_key call, related to a 'cache stuffing' issue and
MS-DFS referrals.

See also :

http://www.nessus.org/u?a729272f

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL16477.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

HP Network Automation Multiple Remote Vulnerabilities (HPSBMU03264)


Synopsis:

The remote application is affected by multiple vulnerabilities.

Description:

The version of HP Network Automation running on the remote host is
affected by multiple vulnerabilities in the administrative web
interface. These vulnerabilities include multiple cross-site request
forgeries, cross-site scripting, and clickjacking vulnerabilities.
An unauthenticated, remote attacker can exploit these vulnerabilities
to escalate privileges, disclose sensitive information, execute
arbitrary script code, or to cause a denial of service condition.

See also :

http://www.nessus.org/u?36dfad24

Solution :

Upgrade to HP Network Automation version 9.22.02 / 10.00.01 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

PHP 5.6.x < 5.6.8 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.6.x running on the
remote web server is prior to 5.6.8. It is, therefore, affected by
multiple vulnerabilities :

- A use-after-free error exists in the OPcache extension
in the _zend_shared_memdup() function within the file
'zend_shared_alloc.c'. A remote attacker can exploit
this to cause a denial of service or possibly have other
unspecified impact. (CVE-2015-1351)

- The function build_tablename() in file 'pgsql.c' in
the PostgreSQL extension does not properly validate
token extraction for table names. A remote attacker,
using a crafted name, can exploit this to cause a NULL
pointer dereference, leading to a denial of service.
(CVE-2015-1352)

- A buffer read overflow error exists in the Phar
component due to user-supplied input not being validated
properly when handling phar parsing during unserialize()
function calls. An attacker can exploit this to execute
arbitrary code or cause a denial of service.
(CVE-2015-2783)

- A buffer overflow flaw exists in the phar_set_inode()
function in file 'phar_internal.h' when handling archive
files, such as tar, zip, or phar files. A remote
attacker can exploit this to execute arbitrary code or
cause a denial of service. (CVE-2015-3329)

- A flaw exists in the Apache2handler SAPI component, when
handling pipelined HTTP requests, that a remote attacker
can exploit to execute arbitrary code. (CVE-2015-3330)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://php.net/ChangeLog-5.php#5.6.8

Solution :

Upgrade to PHP version 5.6.8 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

PHP 5.5.x < 5.5.24 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.5.x running on the
remote web server is prior to 5.5.24. It is, therefore, affected by
multiple vulnerabilities :

- A use-after-free error exists in the OPcache extension
in the _zend_shared_memdup() function within the file
'zend_shared_alloc.c'. A remote attacker can exploit
this to cause a denial of service or possibly have other
unspecified impact. (CVE-2015-1351)

- The function build_tablename() in file 'pgsql.c' in
the PostgreSQL extension does not properly validate
token extraction for table names. A remote attacker,
using a crafted name, can exploit this to cause a NULL
pointer dereference, leading to a denial of service.
(CVE-2015-1352)

- A buffer read overflow error exists in the Phar
component due to user-supplied input not being validated
properly when handling phar parsing during unserialize()
function calls. An attacker can exploit this to execute
arbitrary code or cause a denial of service.
(CVE-2015-2783)

- A buffer overflow flaw exists in the phar_set_inode()
function in file 'phar_internal.h' when handling archive
files, such as tar, zip, or phar files. A remote
attacker can exploit this to execute arbitrary code or
cause a denial of service. (CVE-2015-3329)

- A flaw exists in the Apache2handler SAPI component, when
handling pipelined HTTP requests, that a remote attacker
can exploit to execute arbitrary code. (CVE-2015-3330)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://php.net/ChangeLog-5.php#5.5.24

Solution :

Upgrade to PHP version 5.5.24 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

PHP 5.4.x < 5.4.40 Multiple Vulnerabilities


Synopsis:

The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description:

According to its banner, the version of PHP 5.4.x running on the
remote web server is prior to 5.4.40. It is, therefore, affected by
multiple vulnerabilities :

- An out-of-bounds read overflow error exists in the
function GetCode_() in file 'gd_gif_in.c' that allows
denial of service attacks or disclosure of memory
contents. (CVE-2014-9709)

- The function build_tablename() in file 'pgsql.c' in
the PostgreSQL extension does not properly validate
token extraction for table names. A remote attacker,
using a crafted name, can exploit this to cause a NULL
pointer dereference, leading to a denial of service.
(CVE-2015-1352)

- A use-after-free error exists in the function
phar_rename_archive() in file 'phar_object.c'. A remote
attacker, by attempting to rename a phar archive to an
already existing file name, can exploit this to cause
a denial of service. (CVE-2015-2301)

- A buffer read overflow error exists in the Phar
component due to user-supplied input not being validated
properly when handling phar parsing during unserialize()
function calls. An attacker can exploit this to execute
arbitrary code or cause a denial of service.
(CVE-2015-2783)

- A buffer overflow flaw exists in the phar_set_inode()
function in file 'phar_internal.h' when handling archive
files, such as tar, zip, or phar files. A remote
attacker can exploit this to execute arbitrary code or
cause a denial of service. (CVE-2015-3329)

- A flaw exists in the Apache2handler SAPI component, when
handling pipelined HTTP requests, that a remote attacker
can exploit to execute arbitrary code. (CVE-2015-3330)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://php.net/ChangeLog-5.php#5.4.40

Solution :

Upgrade to PHP version 5.4.40 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

EMC NetWorker nsr_render_log Local Privilege Escalation


Synopsis:

The remote Windows host has an application installed that is affected
by a local privilege escalation vulnerability.

Description:

The EMC NetWorker installed on the remote Windows host is a version
prior to 8.0.4.3, or version 8.1.x prior to 8.1.2.6, or 8.2.x prior to
8.2.1.2. It is, therefore, affected by a buffer overflow flaw in the
nsr_render_log command-line interface. A local attacker can exploit
this to execute arbitrary code with root privileges on all EMC
NetWorker managed hosts.

See also :

http://seclists.org/bugtraq/2015/Apr/att-103/ESA-2015-069.txt

Solution :

Upgrade to EMC NetWorker 8.0.4.3 / 8.1.2.6 / 8.2.1.2 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Fortinet FortiWeb < 5.3.5 Multiple Vulnerabilities


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The remote host is running a version of FortiWeb prior to 5.3.5. It is,
therefore, affected by multiple vulnerabilities :

- A command injection vulnerability exists due to a flaw
that occurs when an administrator is executing reports.
An authenticated, remote attacker can exploit this to
execute arbitrary system commands. (OSVDB 120939)

- A cross-site scripting vulnerability exists due to
improper sanitization of a parameter in the auto
update service page. A remote, authenticated attacker
can exploit this to execute arbitrary script code in a
user's browser session. Note that this vulnerability
only affects the 5.x version branch. (OSVDB 120940)

- A security bypass vulnerability exists due to the
password field for the FTP backup page having
HTML form autocomplete enabled. A local attacker can
exploit this to bypass FortiWeb's authentication.
(OSVDB 120941)

See also :

http://www.fortiguard.com/advisory/FG-IR-15-010

Solution :

Upgrade to Fortinet FortiWeb 5.3.5 or later. Alternatively, apply the
workaround as referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

HP Data Protector Multiple Vulnerabilities (HPSBMU03321 SSRT101677)


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The HP Data Protector running on the remote host is affected by
multiple unspecified vulnerabilities that can allow a remote attacker
to gain elevated privileges, trigger a denial of service, or execute
arbitrary code with System privileges.

See also :

http://www.nessus.org/u?cd766b13

Solution :

Apply the appropriate patch according to the vendor's advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Scientific Linux Security Update : kvm on SL5.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

It was found that KVM's Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by
the guest to certain MSRs in the host's context. A privileged guest
user could use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM
subsystem handled PIT (Programmable Interval Timer) emulation. A guest
user who has access to the PIT I/O ports could use this flaw to crash
the host. (CVE-2014-3611)

Note: The following procedure must be performed before this update
will take effect :

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove
(using 'modprobe -r [module]') and reload (using 'modprobe [module]')
all of the following modules which are currently running (determined
using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

or you may restart your system.

See also :

http://www.nessus.org/u?0902d8be

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

RHEL 5 : kernel (RHSA-2015:0870)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions
from user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system
or, potentially, escalate their privileges on the system.
(CVE-2014-8159, Important)

Red Hat would like to thank Mellanox for reporting this issue.

All kernel users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-8159.html
http://rhn.redhat.com/errata/RHSA-2015-0870.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

RHEL 5 : kvm (RHSA-2015:0869)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kvm packages that fix two security issues are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module
built for the standard Red Hat Enterprise Linux kernel.

It was found that KVM's Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by
the guest to certain MSRs in the host's context. A privileged guest
user could use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM
subsystem handled PIT (Programmable Interval Timer) emulation. A guest
user who has access to the PIT I/O ports could use this flaw to crash
the host. (CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit for
reporting the CVE-2014-3610 issue, and Lars Bull of Google for
reporting the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note: The
procedure in the Solution section must be performed before this update
will take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3610.html
https://www.redhat.com/security/data/cve/CVE-2014-3611.html
http://rhn.redhat.com/errata/RHSA-2015-0869.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Oracle Linux 5 : kvm (ELSA-2015-0869)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[kvm-83-270.0.1.el5_11]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch
- Added kvm-Introduce-oel-machine-type.patch

[kvm-83-270.el5]
- KVM: x86: Check non canonical addresses upon WRMSR
- Resolves: bz#1152982
(CVE-2014-3610 kernel: kvm: noncanonical MSR writes [rhel-5.11.z])

[kvm-83-269.el5]
- KVM: x86: Improve thread safety in pit
- Resolves: bz#1152985
(CVE-2014-3611 kernel: kvm: PIT timer race condition)

See also :

https://oss.oracle.com/pipermail/el-errata/2015-April/005015.html

Solution :

Update the affected kvm packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

openSUSE Security Update : Chromium (openSUSE-2015-320)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

Chromium was updated to latest stable release 42.0.2311.90 to fix
security issues and bugs. The following vulnerabilities were fixed :

- CVE-2015-1235: Cross-origin-bypass in HTML parser.

- CVE-2015-1236: Cross-origin-bypass in Blink.

- CVE-2015-1237: Use-after-free in IPC.

- CVE-2015-1238: Out-of-bounds write in Skia.

- CVE-2015-1240: Out-of-bounds read in WebGL.

- CVE-2015-1241: Tap-Jacking.

- CVE-2015-1242: Type confusion in V8.

- CVE-2015-1244: HSTS bypass in WebSockets.

- CVE-2015-1245: Use-after-free in PDFium.

- CVE-2015-1246: Out-of-bounds read in Blink.

- CVE-2015-1247: Scheme issues in OpenSearch.

- CVE-2015-1248: SafeBrowsing bypass.

- CVE-2015-1249: Various fixes from internal audits,
fuzzing and other initiatives.

- CVE-2015-3333: Multiple vulnerabilities in V8 fixed at
the tip of the 4.2 branch (currently 4.2.77.14).

- CVE-2015-3336: fullscreen and UI locking without user
confirmation

- CVE-2015-3335: unspecified impact of crafted programs
running in NaCl sandbox

- CVE-2015-3334: 'Media: Allowed by you' sometimes not
shown in a permissions table

New functionality added :

- A number of new apps, extension and Web Platform APIs
(including the Push API!)

- Lots of under the hood changes for stability and
performance

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=927302

Solution :

Update the affected Chromium packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

FreeBSD : libtasn1 -- stack-based buffer overflow in asn1_der_decoding (82595123-e8b8-11e4-a008-047d7b492d07)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Debian reports :

Hanno Boeck discovered a stack-based buffer overflow in the
asn1_der_decoding function in Libtasn1, a library to manage ASN.1
structures. A remote attacker could take advantage of this flaw to
cause an application using the Libtasn1 library to crash, or
potentially to execute arbitrary code.

See also :

https://www.debian.org/security/2015/dsa-3220.en.html
http://www.nessus.org/u?43fe3aec

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Fedora 20 : java-1.7.0-openjdk-1.7.0.79-2.5.5.0.fc20 (2015-6397)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Updated to security icedtea-forest7 2.5.5

See also :

http://www.nessus.org/u?bba8ec27

Solution :

Update the affected java-1.7.0-openjdk package.

Risk factor :

High

Fedora 21 : java-1.8.0-openjdk-1.8.0.45-31.b13.fc21 (2015-6369)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Updated to security update u45

See also :

http://www.nessus.org/u?4f6bc57b

Solution :

Update the affected java-1.8.0-openjdk package.

Risk factor :

High

Fedora 21 : spatialite-tools-4.2.0-10.fc21 / sqlite-3.8.9-1.fc21 (2015-6324)


Synopsis:

The remote Fedora host is missing one or more security updates.

Description:

Update of sqlite to latest upstream version, with spatialite-tools
rebuild.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1212353
https://bugzilla.redhat.com/show_bug.cgi?id=1212356
https://bugzilla.redhat.com/show_bug.cgi?id=1212357
http://www.nessus.org/u?837d2ea7
http://www.nessus.org/u?7475c93c

Solution :

Update the affected spatialite-tools and / or sqlite packages.

Risk factor :

High

Fedora 21 : kernel-3.19.4-200.fc21 (2015-6320)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 3.19.4 stable release contains a number of important fixes across
the tree.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1196266
https://bugzilla.redhat.com/show_bug.cgi?id=1203712
http://www.nessus.org/u?69c5175d

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Fedora 20 : kernel-3.19.4-100.fc20 (2015-6294)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 3.19.4 stable release contains a number of important fixes across
the tree.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1196266
https://bugzilla.redhat.com/show_bug.cgi?id=1203712
http://www.nessus.org/u?c5fa6cb5

Solution :

Update the affected kernel package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

Fedora 22 : php-5.6.8-1.fc22 (2015-6195)


Synopsis:

The remote Fedora host is missing a security update.

Description:

16 Apr 2015, **PHP 5.6.8**

Core :

- Fixed bug #66609 (php crashes with __get() and ++
operator in some cases). (Dmitry, Laruence)

- Fixed bug #68021 (get_browser() browser_name_regex
returns non-utf-8 characters). (Tjerk)

- Fixed bug #68917 (parse_url fails on some partial
urls). (Wei Dai)

- Fixed bug #69134 (Per Directory Values overrides
PHP_INI_SYSTEM configuration options). (Anatol Belski)

- Additional fix for bug #69152 (Type confusion
vulnerability in exception::getTraceAsString). (Stas)

- Fixed bug #69210 (serialize function return corrupted
data when sleep has non-string values). (Juan Basso)

- Fixed bug #69212 (Leaking VIA_HANDLER func when
exception thrown in __call/... arg passing). (Nikita)

- Fixed bug #69221 (Segmentation fault when using a
generator in combination with an Iterator). (Nikita)

- Fixed bug #69337 (php_stream_url_wrap_http_ex()
type-confusion vulnerability). (Stas)

- Fixed bug #69353 (Missing null byte checks for paths
in various PHP extensions). (Stas)

Apache2handler :

- Fixed bug #69218 (potential remote code execution with
apache 2.4 apache2handler). (Gerrit Venema)

cURL :

- Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)

- Fixed bug #68739 (Missing break / control flow).
(Laruence)

- Fixed bug #69316 (Use-after-free in php_curl related
to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

Date :

- Fixed bug #69336 (Issues with 'last day of
'). (Derick Rethans)

Enchant :

- Fixed bug #65406 (Enchant broker plugins are in the
wrong place in windows builds). (Anatol)

Ereg :

- Fixed bug #68740 (NULL pointer Dereference). (Laruence)

Fileinfo :

- Fixed bug #68819 (Fileinfo on specific file causes
spurious OOM and/or segfault). (Anatol Belski)

Filter :

- Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored
unless other flags are used). (Jeff Welch)

- Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip
ASCII 127). (Jeff Welch)

OPCache :

- Fixed bug #69297 (function_exists strange behavior with
OPCache on disabled function). (Laruence)

- Fixed bug #69281 (opcache_is_script_cached no longer
works). (danack)

- Fixed bug #68677 (Use After Free). (CVE-2015-1351)
(Laruence)

OpenSSL :

- Fixed bugs #68853, #65137 (Buffered crypto stream data
breaks IO polling in stream_select() contexts) (Chris
Wright)

- Fixed bug #69197 (openssl_pkcs7_sign handles default
value incorrectly) (Daniel Lowrey)

- Fixed bug #69215 (Crypto servers should send client CA
list) (Daniel Lowrey)

- Add a check for RAND_egd to allow compiling against
LibreSSL (Leigh)

Phar :

- Fixed bug #64343 (PharData::extractTo fails for tarball
created by BSD tar). (Mike)

- Fixed bug #64931 (phar_add_file is too restrictive on
filename). (Mike)

- Fixed bug #65467 (Call to undefined method
cli_arg_typ_string). (Mike)

- Fixed bug #67761 (Phar::mapPhar fails for Phars inside
a path containing '.tar'). (Mike)

- Fixed bug #69324 (Buffer Over-read in unserialize when
parsing Phar). (Stas)

- Fixed bug #69441 (Buffer Overflow when parsing
tar/zip/phar in phar_set_inode). (Stas)

Postgres :

- Fixed bug #68741 (NULL pointer dereference).
(CVE-2015-1352) (Laruence)

SPL :

- Fixed bug #69227 (Use after free in zval_scan caused by
spl_object_storage_get_gc). (adam dot scarr at 99designs
dot com)

SOAP :

- Fixed bug #69293 (NEW segfault when using
SoapClient::__setSoapHeader (bisected, regression)).
(Laruence)

Sqlite3 :

- Fixed bug #68760 (SQLITE segfaults if custom collator
throws an exception). (Dan Ackroyd)

- Fixed bug #69287 (Upgrade bundled libsqlite to
3.8.8.3). (Anatol)

- Fixed bug #66550 (SQLite prepared statement
use-after-free). (Sean Heelan)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1185900
https://bugzilla.redhat.com/show_bug.cgi?id=1185904
https://bugzilla.redhat.com/show_bug.cgi?id=1213407
https://bugzilla.redhat.com/show_bug.cgi?id=1213411
https://bugzilla.redhat.com/show_bug.cgi?id=1213416
https://bugzilla.redhat.com/show_bug.cgi?id=1213442
https://bugzilla.redhat.com/show_bug.cgi?id=1213446
https://bugzilla.redhat.com/show_bug.cgi?id=1213449
http://www.nessus.org/u?4fa550d3

Solution :

Update the affected php package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Fedora 22 : cherokee-1.2.103-6.fc22 (2015-6194)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass
when LDAP server allows unauthenticated binds

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1094901
https://bugzilla.redhat.com/show_bug.cgi?id=1114461
http://www.nessus.org/u?e3eb2f92

Solution :

Update the affected cherokee package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Fedora 22 : java-1.8.0-openjdk-1.8.0.45-31.b13.fc22 (2015-6170)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Updated to security update u45

See also :

http://www.nessus.org/u?6408fca5

Solution :

Update the affected java-1.8.0-openjdk package.

Risk factor :

High
