FreeBSD : php -- multiple vulnerabilities (85eb4e46-cf16-11e5-840f-485d605f4717)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

PHP reports :

- Core :

- Fixed bug #71039 (exec functions ignore length but look for NULL
termination).

- Fixed bug #71323 (Output of stream_get_meta_data can be falsified by
its input).

- Fixed bug #71459 (Integer overflow in iptcembed()).

- PCRE :

- Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386,
CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391,
CVE-2015-8393, CVE-2015-8394)

- Phar :

- Fixed bug #71354 (Heap corruption in tar/zip/phar parser).

- Fixed bug #71391 (NULL pointer Dereference in
phar_tar_setupmetadata()).

- Fixed bug #71488 (Stack overflow when decompressing tar archives).
(CVE-2016-2554)

- WDDX :

- Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).

See also :

http://php.net/ChangeLog-5.php#5.6.18
http://php.net/ChangeLog-5.php#5.5.32
http://www.nessus.org/u?f236751f

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 88671

Bugtraq ID:

CVE ID: CVE-2015-8383
CVE-2015-8386
CVE-2015-8387
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8393
CVE-2015-8394
CVE-2016-2554
