FreeBSD : php -- multiple vulnerabilities (5764c634-10d2-11e6-94fa-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The PHP Group reports :

- BCMath :

  - Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_
    definition).

- Exif :

  - Fixed bug #72094 (Out of bounds heap read access in exif header
    processing).

- GD :

  - Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)

- Intl :

  - Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with
    negative offset).

- XML :

  - Fixed bug #72099 (xml_parse_into_struct segmentation fault).

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209145
http://www.php.net/ChangeLog-7.php#7.0.6
http://www.php.net/ChangeLog-5.php#5.6.21
http://www.php.net/ChangeLog-5.php#5.5.35
http://www.nessus.org/u?2846ac0d

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90844

Bugtraq ID:

CVE ID: CVE-2016-3074
