GLSA-201503-03 : PHP: Multiple vulnerabilities

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201503-03
(PHP: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.

Impact :

A remote attacker can leverage these vulnerabilities to execute
arbitrary code or cause Denial of Service.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201503-03

Solution :

All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/php-5.5.21'
All PHP 5.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/php-5.4.37'
All PHP 5.3 users should upgrade to the latest version. This branch is
currently past the end of life and it will no longer receive security
fixes. All PHP 5.3 users are strongly recommended to upgrade to the
current stable version of PHP 5.5 or previous stable version of PHP 5.4,
which are supported till at least 2016 and 2015 respectively.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 81688 ()

Bugtraq ID: 70807
71791
71800
71833
72539
72541

CVE ID: CVE-2014-3710
CVE-2014-8142
CVE-2014-9425
CVE-2014-9427
CVE-2015-0231
CVE-2015-0232

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now