FreeBSD : php -- multiple vulnerabilities (482d40cb-f9a3-11e5-92ce-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The PHP Group reports :

- Fileinfo :

- Fixed bug #71527 (Buffer over-write in finfo_open with malformed
magic file).

- mbstring :

- Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
mbfl_strcut).

- Phar :

- Fixed bug #71860 (Invalid memory write in phar on filename with \0
in name).

- SNMP :

- Fixed bug #71704 (php_snmp_error() Format String Vulnerability).

- Standard :

- Fixed bug #71798 (Integer Overflow in php_raw_url_encode).

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208465
http://php.net/ChangeLog-7.php#7.0.5
http://php.net/ChangeLog-5.php#5.6.20
http://php.net/ChangeLog-5.php#5.5.34
http://www.nessus.org/u?1590af50

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90335 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now