CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
68.4%
PHP version 7.2.21 (01 Aug 2019)
Date:
EXIF:
Fixed bug php#78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)
Fixed bug php#78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)
Fileinfo:
FTP:
Libxml:
LiteSpeed:
Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang)
Fixed bug php#76058 (After ‘POST data can’t be buffered’, using php://input makes huge tmp files).
(George Wang)
Openssl:
OPcache:
Fixed bug php#78189 (file cache strips last character of uname hash). (cmb)
Fixed bug php#78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb)
Fixed bug php#78291 (opcache_get_configuration doesn’t list all directives). (Andrew Collington)
Phar:
Phpdbg:
PDO_Sqlite:
Standard:
Fixed bug php#78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)
Fixed bug php#78269 (password_hash uses weak options for argon2). (Remi)
XMLRPC:
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-ec40d89812.
#
include('compat.inc');
if (description)
{
script_id(127535);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/07");
script_cve_id("CVE-2019-11041", "CVE-2019-11042");
script_xref(name:"FEDORA", value:"2019-ec40d89812");
script_name(english:"Fedora 30 : php (2019-ec40d89812)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"**PHP version 7.2.21** (01 Aug 2019)
**Date:**
- Fixed bug php#69044 (discrepency between time and
microtime). (krakjoe)
**EXIF:**
- Fixed bug php#78256 (heap-buffer-overflow on
exif_process_user_comment). (CVE-2019-11042) (Stas)
- Fixed bug php#78222 (heap-buffer-overflow on
exif_scan_thumbnail). (CVE-2019-11041) (Stas)
**Fileinfo:**
- Fixed bug php#78183 (finfo_file shows wrong mime-type
for .tga file). (Joshua Westerheide)
**FTP:**
- Fixed bug php#77124 (FTP with SSL memory leak). (Nikita)
**Libxml:**
- Fixed bug php#78279 (libxml_disable_entity_loader
settings is shared between requests (cgi-fcgi)).
(Nikita)
**LiteSpeed:**
- Updated to LiteSpeed SAPI V7.4.3 (increased response
header count limit from 100 to 1000, added crash handler
to cleanly shutdown PHP request, added CloudLinux
mod_lsapi mode). (George Wang)
- Fixed bug php#76058 (After 'POST data can't be
buffered', using php://input makes huge tmp files).
(George Wang)
**Openssl:**
- Fixed bug php#78231 (Segmentation fault upon
stream_socket_accept of exported socket-to-stream).
(Nikita)
**OPcache:**
- Fixed bug php#78189 (file cache strips last character of
uname hash). (cmb)
- Fixed bug php#78202 (Opcache stats for cache hits are
capped at 32bit NUM). (cmb)
- Fixed bug php#78291 (opcache_get_configuration doesn't
list all directives). (Andrew Collington)
**Phar:**
- Fixed bug php#77919 (Potential UAF in Phar RSHUTDOWN).
(cmb)
**Phpdbg:**
- Fixed bug php#78297 (Include unexistent file memory
leak). (Nikita)
**PDO_Sqlite:**
- Fixed bug php#78192 (SegFault when reuse statement after
schema has changed). (Vincent Quatrevieux)
**Standard:**
- Fixed bug php#78241 (touch() does not handle dates after
2038 in PHP 64-bit). (cmb)
- Fixed bug php#78269 (password_hash uses weak options for
argon2). (Remi)
**XMLRPC:**
- Fixed bug php#78173 (XML-RPC mutates immutable objects
during encoding). (Asher Baker)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ec40d89812");
script_set_attribute(attribute:"solution", value:
"Update the affected php package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11042");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/09");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC30", reference:"php-7.3.8-1.fc30")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
}
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
68.4%