security #11832 CVE-2014-6072 (fabpot)
security #11831 CVE-2014-5245 (stof)
security #11830 CVE-2014-4931 (aitboudad, Jeremy Derusse)
security #11829 CVE-2014-6061 (damz, fabpot)
security #11828 CVE-2014-5244 (nicolas-grekas, larowlan)
bug #10197 [FrameworkBundle] PhpExtractor bugfix and improvements (mtibben)
bug #11772 [Filesystem] Add FTP stream wrapper context option to enable overwrite (Damian Sromek)
bug #11791 [Process] fix mustRun() in sigchild environments (xabbuh)
bug #11788 [Yaml] fixed mapping keys containing a quoted # (hvt, fabpot)
bug #11787 fixed DateComparator if file does not exist (avi123)
bug #11160 [DoctrineBridge] Abstract Doctrine Subscribers with tags (merk)
bug #11768 [ClassLoader] Add a __call() method to XcacheClassLoader (tstoeckler)
bug #11739 [Validator] Pass strict argument into the strict email validator (brianfreytag)
bug #11749 [TwigBundle] Remove hard dependency of RequestContext in AssetsExtension (pgodel)
bug #11726 [Filesystem Component] mkdir race condition fix #11626 (kcassam)
bug #11677 [YAML] resolve variables in inlined YAML (xabbuh)
bug #11639 [DependencyInjection] Fixed factory service not within the ServiceReferenceGraph. (boekkooi)
bug #11778 [Validator] Fixed wrong translations for Collection constraints (samicemalone)
bug #11756 [DependencyInjection] fix @return anno created by PhpDumper (jakubkulhan)
bug #11711 [DoctrineBridge] Fix empty parameter logging in the dbal logger (jakzal)
bug #11692 [DomCrawler] check for the correct field type (xabbuh)
bug #11672 [Routing] fix handling of nullable XML attributes (xabbuh)
bug #11624 [DomCrawler] fix the axes handling in a bc way (xabbuh)
bug #11676 [Form] Fixed #11675 ValueToDuplicatesTransformer accept ‘0’ value (Nek-)
bug #11695 [Validators] Fixed failing tests requiring ICU 52.1 which are skipped otherwise (webmozart)
bug #11584 [FrameworkBundle] Fixed validator factory definition when the Validator API is ‘auto’ for PHP < 5.3.9 (webmozart)
bug #11645 [Form] Fixed ValidatorExtension to work with the 2.5 Validation API (webmozart)
bug #11529 [WebProfilerBundle] Fixed double height of canvas (hason)
bug #11666 [DIC] Fixed: anonymous services are always private (lyrixx)
bug #11641 [WebProfilerBundle ] Fix toolbar vertical alignment (blaugueux)
bug #11637 fix dependencies on HttpFoundation component (xabbuh)
bug #11559 [Validator] Convert objects to string in comparison validators (webmozart)
feature #11510 [HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field (catchamonkey)
bug #11408 [HttpFoundation] Update QUERY_STRING when overrideGlobals (yguedidi)
bug #11625 [FrameworkBundle] resolve parameters before the configs are processed in the config:debug command (xabbuh)
bug #11633 [FrameworkBundle] add missing attribute to XSD (xabbuh)
bug #11601 [Validator] Allow basic auth in url when using UrlValidator. (blaugueux)
bug #11609 [Console] fixed style creation when providing an unknown tag option (fabpot)
bug #10914 [HttpKernel] added an analyze of environment parameters for built-in server (mauchede)
bug #11598 [Finder] Shell escape and windows support (Gordon Franke, gimler)
bug #11582 [DoctrineBridge] Changed UniqueEntityValidator to use the 2.5 Validation API (webmozart)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-10239.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(77786);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_xref(name:"FEDORA", value:"2014-10239");
script_name(english:"Fedora 21 : php-symfony-2.5.4-1.fc21 (2014-10239)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"## 2.5.4 (2014-09-03)
- security #11832 CVE-2014-6072 (fabpot)
- security #11831 CVE-2014-5245 (stof)
- security #11830 CVE-2014-4931 (aitboudad, Jeremy
Derusse)
- security #11829 CVE-2014-6061 (damz, fabpot)
- security #11828 CVE-2014-5244 (nicolas-grekas,
larowlan)
- bug #10197 [FrameworkBundle] PhpExtractor bugfix and
improvements (mtibben)
- bug #11772 [Filesystem] Add FTP stream wrapper context
option to enable overwrite (Damian Sromek)
- bug #11791 [Process] fix mustRun() in sigchild
environments (xabbuh)
- bug #11788 [Yaml] fixed mapping keys containing a
quoted # (hvt, fabpot)
- bug #11787 fixed DateComparator if file does not exist
(avi123)
- bug #11160 [DoctrineBridge] Abstract Doctrine
Subscribers with tags (merk)
- bug #11768 [ClassLoader] Add a __call() method to
XcacheClassLoader (tstoeckler)
- bug #11739 [Validator] Pass strict argument into the
strict email validator (brianfreytag)
- bug #11749 [TwigBundle] Remove hard dependency of
RequestContext in AssetsExtension (pgodel)
- bug #11726 [Filesystem Component] mkdir race condition
fix #11626 (kcassam)
- bug #11677 [YAML] resolve variables in inlined YAML
(xabbuh)
- bug #11639 [DependencyInjection] Fixed factory service
not within the ServiceReferenceGraph. (boekkooi)
- bug #11778 [Validator] Fixed wrong translations for
Collection constraints (samicemalone)
- bug #11756 [DependencyInjection] fix @return anno
created by PhpDumper (jakubkulhan)
- bug #11711 [DoctrineBridge] Fix empty parameter
logging in the dbal logger (jakzal)
- bug #11692 [DomCrawler] check for the correct field
type (xabbuh)
- bug #11672 [Routing] fix handling of nullable XML
attributes (xabbuh)
- bug #11624 [DomCrawler] fix the axes handling in a bc
way (xabbuh)
- bug #11676 [Form] Fixed #11675
ValueToDuplicatesTransformer accept '0' value (Nek-)
- bug #11695 [Validators] Fixed failing tests requiring
ICU 52.1 which are skipped otherwise (webmozart)
- bug #11584 [FrameworkBundle] Fixed validator factory
definition when the Validator API is 'auto' for PHP <
5.3.9 (webmozart)
- bug #11645 [Form] Fixed ValidatorExtension to work
with the 2.5 Validation API (webmozart)
- bug #11529 [WebProfilerBundle] Fixed double height of
canvas (hason)
- bug #11666 [DIC] Fixed: anonymous services are always
private (lyrixx)
- bug #11641 [WebProfilerBundle ] Fix toolbar vertical
alignment (blaugueux)
- bug #11637 fix dependencies on HttpFoundation
component (xabbuh)
- bug #11559 [Validator] Convert objects to string in
comparison validators (webmozart)
- feature #11510 [HttpFoundation] MongoDbSessionHandler
supports auto expiry via configurable expiry_field
(catchamonkey)
- bug #11408 [HttpFoundation] Update QUERY_STRING when
overrideGlobals (yguedidi)
- bug #11625 [FrameworkBundle] resolve parameters before
the configs are processed in the config:debug command
(xabbuh)
- bug #11633 [FrameworkBundle] add missing attribute to
XSD (xabbuh)
- bug #11601 [Validator] Allow basic auth in url when
using UrlValidator. (blaugueux)
- bug #11609 [Console] fixed style creation when
providing an unknown tag option (fabpot)
- bug #10914 [HttpKernel] added an analyze of
environment parameters for built-in server (mauchede)
- bug #11598 [Finder] Shell escape and windows support
(Gordon Franke, gimler)
- bug #11582 [DoctrineBridge] Changed
UniqueEntityValidator to use the 2.5 Validation API
(webmozart)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1138285"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137913.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?f9541987"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected php-symfony package."
);
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-symfony");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/06");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/23");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC21", reference:"php-symfony-2.5.4-1.fc21")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-symfony");
}