Debian DLA-1034-1 : php5 security update

Medium Nessus Plugin ID 101908

Synopsis

The remote Debian host is missing a security update.

Description

Several issues have been discovered in PHP (recursive acronym for PHP:
Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

CVE-2016-10397 Incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks.

CVE-2017-11143 An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter.

CVE-2017-11144 The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter.

CVE-2017-11145 Lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter.

CVE-2017-11147 The PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

For Debian 7 'Wheezy', these problems have been fixed in version 5.4.45-0+deb7u9.

We recommend that you upgrade your php5 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2017/07/msg00026.html

https://packages.debian.org/source/wheezy/php5

Plugin Details

Severity: Medium

ID: 101908

File Name: debian_DLA-1034.nasl

Version: 3.4

Type: local

Agent: unix

Published: 2017/07/24

Updated: 2018/07/09

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libapache2-mod-php5, p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter, p-cpe:/a:debian:debian_linux:libphp5-embed, p-cpe:/a:debian:debian_linux:php-pear, p-cpe:/a:debian:debian_linux:php5, p-cpe:/a:debian:debian_linux:php5-cgi, p-cpe:/a:debian:debian_linux:php5-cli, p-cpe:/a:debian:debian_linux:php5-common, p-cpe:/a:debian:debian_linux:php5-curl, p-cpe:/a:debian:debian_linux:php5-dbg, p-cpe:/a:debian:debian_linux:php5-dev, p-cpe:/a:debian:debian_linux:php5-enchant, p-cpe:/a:debian:debian_linux:php5-fpm, p-cpe:/a:debian:debian_linux:php5-gd, p-cpe:/a:debian:debian_linux:php5-gmp, p-cpe:/a:debian:debian_linux:php5-imap, p-cpe:/a:debian:debian_linux:php5-interbase, p-cpe:/a:debian:debian_linux:php5-intl, p-cpe:/a:debian:debian_linux:php5-ldap, p-cpe:/a:debian:debian_linux:php5-mcrypt, p-cpe:/a:debian:debian_linux:php5-mysql, p-cpe:/a:debian:debian_linux:php5-mysqlnd, p-cpe:/a:debian:debian_linux:php5-odbc, p-cpe:/a:debian:debian_linux:php5-pgsql, p-cpe:/a:debian:debian_linux:php5-pspell, p-cpe:/a:debian:debian_linux:php5-recode, p-cpe:/a:debian:debian_linux:php5-snmp, p-cpe:/a:debian:debian_linux:php5-sqlite, p-cpe:/a:debian:debian_linux:php5-sybase, p-cpe:/a:debian:debian_linux:php5-tidy, p-cpe:/a:debian:debian_linux:php5-xmlrpc, p-cpe:/a:debian:debian_linux:php5-xsl, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/07/21

Reference Information

CVE: CVE-2016-10397, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147