openSUSE Security Update : php5 (openSUSE-SU-2013:1244-1)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- fixing the following security issues :

  - CVE-2013-4635.patch (bnc#828020) :
    - Integer overflow in the SdnToJewish

  - CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707) :
    - reading system files via untrusted SOAP input
    - soap.wsdl_cache_dir function did not honour PHP open_basedir

  - CVE-2013-4113.patch (bnc#829207) :
    - heap corruption due to badly formed xml

See also :

http://lists.opensuse.org/opensuse-updates/2013-07/msg00075.html
https://bugzilla.novell.com/show_bug.cgi?id=807707
https://bugzilla.novell.com/show_bug.cgi?id=828020
https://bugzilla.novell.com/show_bug.cgi?id=829207

Solution :

Update the affected php5 packages.

Risk factor :

High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9 (CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75096

Bugtraq ID: 58224, 58766, 60731, 61128

CVE ID: CVE-2013-1635, CVE-2013-1643, CVE-2013-4113, CVE-2013-4635
