Vulnerability CVE-2016-5385

Vulnerability Name:

CVE-2016-5385 (CCN-115088)

Assigned:

2016-07-18

Published:

2016-07-18

Updated:

2023-02-12

Summary:

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.0 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)
4.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-5385

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: CCN
Type: RHSA-2016-1609
Moderate: php security update

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2016-1610
Moderate: php54-php security update

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2016-1611
Moderate: php55-php security update

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2016-1612
Moderate: rh-php56-php security update

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2016-1613
Moderate: php security and bug fix update

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: SECTRACK ID: 1036405
TYPO3 Multiple Flaws Let Remote Users Modify Data, Inject SQL Commands, Determine Valid Usernames, and Conduct Cross-Site Scripting Attacks

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin T1024261 (PowerKVM)
A vulnerability in PHP affects PowerKVM (CVE-2016-5385)

Source: CCN
Type: IBM Security Bulletin T1024735 (SmartCloud Entry)
Vulnerabilities in Php affect IBM SmartCloud Entry (CVE-2015-4644 CVE-2016-5385)

Source: CCN
Type: IBM Security Bulletin S1009581 (Storwize V7000 (2076))
Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Source: CCN
Type: IBM Security Bulletin S1010007 (FlashSystem 840)
Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Source: CCN
Type: IBM Security Bulletin S1010008 (FlashSystem V840)
Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840

Source: CCN
Type: IBM Security Bulletin 1993929 (API Management)
Multiple vulnerabilities affecting web servers that run code in a CGI or CGI-like context affects IBM API Connect (CVE-2016-5385, CVE-2016-1000105)

Source: CCN
Type: IBM Security Bulletin 1994534 (Tealeaf Customer Experience)
Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Source: CCN
Type: IBM Security Bulletin 1994725 (Security QRadar SIEM)
IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)

Source: CCN
Type: US-CERT VU#797896
CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

Source: secalert@redhat.com
Type: Third Party Advisory, US Government Resource
secalert@redhat.com

Source: CCN
Type: Oracle CPUJan2018
Oracle Critical Patch Update Advisory - January 2018

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-91821
PHP CVE-2016-5385 Security Bypass Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1353794
CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: XF
Type: UNKNOWN
php-cve20165385-redirect(115088)

Source: secalert@redhat.com
Type: Release Notes, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: httpoxy Web site
httpoxy

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: TYPO3-CORE-SA-2016-019
Environment Variable Injection

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-5385

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:7.0.8:-:*:*:*:*:*:*

OR cpe:/a:typo3:typo3:8.2.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_security_information_and_event_manager:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_entry:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_entry:3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tealeaf_customer_experience:16.1.01:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_entry:2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_entry:2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:6:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20165385	V	CVE-2016-5385	2022-09-02
oval:org.opensuse.security:def:113147	P	platformsh-cli-3.67.2-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10439	P	Security update for SDL2 (Important) (in QA)	2022-01-12
oval:org.opensuse.security:def:9885	P	Security update for SDL2 (Important) (in QA)	2022-01-12
oval:org.opensuse.security:def:9680	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:10710	P	Security update for the Linux Kernel (Important) (in QA)	2022-01-07
oval:org.opensuse.security:def:10438	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:9884	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9634	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:10372	P	Security update for aaa_base (Moderate)	2021-12-03
oval:org.opensuse.security:def:10371	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:10176	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:10175	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:9612	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:10170	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10169	P	Security update for Salt (Moderate)	2021-10-27
oval:org.opensuse.security:def:9604	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:38669	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:10162	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:106575	P	platformsh-cli-3.67.2-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:10154	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:10153	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:10147	P	Security update for xerces-c (Important)	2021-09-02
oval:org.opensuse.security:def:10148	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:11120	P	Security update for libspf2 (Critical)	2021-08-25
oval:org.opensuse.security:def:10139	P	Security update for djvulibre (Important)	2021-08-20
oval:org.opensuse.security:def:10140	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:14267	P	libopus0-1.1-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13902	P	libgnomesu-2.0.0-353.6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14918	P	gv-3.7.4-1.36 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14247	P	libksba8-1.3.0-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14271	P	libpcsclite1-1.8.10-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14212	P	libasan2-32bit-5.3.1+r233831-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14075	P	MozillaFirefox-52.2.0esr-108.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13941	P	libpng15-15-1.5.22-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14178	P	kbd-1.15.5-8.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14048	P	tomcat-8.0.36-11.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13910	P	libidn-tools-1.28-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13911	P	libimobiledevice6-1.2.0-7.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14256	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14280	P	libpython2_7-1_0-2.7.13-27.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14931	P	java-1_7_0-openjdk-1.7.0.231-43.27.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14187	P	libMagickCore-6_Q16-1-6.8.8.1-70.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14057	P	wireshark-1.12.13-31.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13919	P	libjson-c2-0.11-2.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14085	P	apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14000	P	patch-2.7.5-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14940	P	krb5-appl-clients-1.0.3-1.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14258	P	libmspack0-0.4-14.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14909	P	groff-1.22.2-5.287 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14094	P	bash-4.3-82.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14009	P	pigz-2.3-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14203	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14066	P	xorg-x11-7.6_1-14.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13932	P	libmysqlclient18-10.0.27-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:9761	P	Security update for nodejs8 (Important)	2021-08-05
oval:org.opensuse.security:def:11099	P	Security update for fossil (Moderate)	2021-07-17
oval:org.opensuse.security:def:38660	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:11098	P	Security update for claws-mail (Moderate)	2021-07-16
oval:org.opensuse.security:def:10685	P	Security update for the Linux Kernel (Important)	2021-07-15
oval:org.opensuse.security:def:10296	P	Security update for go1.15 (Important)	2021-06-30
oval:org.opensuse.security:def:10112	P	Security update for ovmf (Important)	2021-06-25
oval:org.opensuse.security:def:9742	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10111	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:38699	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:10277	P	Security update for spice-gtk (Moderate)	2021-06-10
oval:org.opensuse.security:def:10278	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9727	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:17113	P	lcms-1.19-17.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17068	P	libmikmod3-3.2.0-4.59 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16635	P	php7-devel-7.0.7-50.52.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11434	P	pcsc-ccid-1.4.14-1.45 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16348	P	php5-devel-5.5.14-108.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17093	P	NetworkManager-1.0.12-8.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17259	P	libiso9660-8-0.90-6.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17082	P	libwmf-0_2-7-0.2.8.4-242.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17024	P	libreoffice-4.3.1.2-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16673	P	yast2-core-devel-3.3.1-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11412	P	libvorbis0-1.3.3-8.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16349	P	php7-devel-7.0.7-49.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17169	P	gnome-shell-calendar-3.20.4-76.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16631	P	pam-devel-1.1.8-24.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17081	P	libvirt-client-32bit-1.2.18.1-4.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124640	P	php5-devel-5.5.14-109.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17149	P	telepathy-idle-0.2.0-1.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17115	P	libFLAC++6-32bit-1.3.0-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17025	P	libsilc-1_1-2-1.1.10-24.128 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17100	P	empathy-3.12.12-5.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16992	P	ImageMagick-6.8.8.1-5.21 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16634	P	php5-devel-5.5.14-109.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16639	P	procps-devel-3.3.9-11.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17157	P	colord-1.3.3-12.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124641	P	php7-devel-7.0.7-50.52.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17191	P	libndp0-1.6-2.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16098	P	php5-devel-5.5.14-73.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17291	P	pidgin-plugin-otr-4.0.2-1.29 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10087	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:10263	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:10086	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:10262	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:38611	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:9863	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:9861	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:9862	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:10216	P	Security update for wpa_supplicant (Important)	2021-03-08
oval:org.opensuse.security:def:10215	P	Security update for python-cryptography (Important)	2021-03-03
oval:org.opensuse.security:def:9854	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:9855	P	Security update for bind (Important)	2021-03-02
oval:org.opensuse.security:def:10397	P	Security update for salt (Critical)	2021-02-26
oval:org.opensuse.security:def:10396	P	Security update for php7 (Important)	2021-02-24
oval:org.opensuse.security:def:38151	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:9836	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:10163	P	Security update for python-urllib3 (Moderate)	2021-02-08
oval:org.opensuse.security:def:10297	P	Security update for go1.14 (Moderate)	2021-01-26
oval:org.opensuse.security:def:11121	P	Security update for viewvc (Moderate)	2021-01-19
oval:org.opensuse.security:def:10585	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:16940	P	ocaml-4.03.0-8.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16891	P	libspice-server-devel-0.12.8-12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16715	P	dpdk-devel-18.11.2-1.59 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16882	P	libreoffice-sdk-6.2.7.1-43.56.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16758	P	id3lib-3.8.3-261.119 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16898	P	libtasn1-devel-4.9-3.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17348	P	libmwaw-0_3-3-0.3.14-7.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17382	P	python3-requests-2.7.0-2.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16948	P	php7-devel-7.0.7-50.85.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16906	P	libunwind-devel-1.1-11.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16958	P	python3-urllib3-1.22-3.17.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16834	P	libjpeg62-devel-62.2.0-31.14.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16846	P	libmspack-devel-0.4-14.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16922	P	libzmq3-4.0.4-15.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16749	P	gstreamer-plugins-bad-devel-1.8.3-17.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16815	P	libgcrypt-devel-1.6.1-16.68.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17360	P	libpodofo0_9_2-0.9.2-3.9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16707	P	cups-ddk-1.7.5-20.23.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:37910	P	libldap-2_4-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10835	P	php5-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9912	P	libqt4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10563	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9978	P	python-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39460	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:10011	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38727	P	libspice-client-glib-2_0-8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9930	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10448	P	gnome-shell-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39409	P	Security update for smt (Moderate)	2020-12-01
oval:org.opensuse.security:def:38401	P	libxcb-dri2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10610	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17855	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:37919	P	libmpfr4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10529	P	libpcscspy0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38302	P	libidn-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10836	P	php7-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38005	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17753	P	Security update for mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:10813	P	libxml2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9903	P	libpng15-15 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10012	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38736	P	libtiff5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37909	P	liblcms1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9931	P	libusbmuxd4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10761	P	libmusicbrainz-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39418	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:9992	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38771	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38620	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10460	P	lhasa-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18046	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38311	P	libjpeg62-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38014	P	ovmf on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10591	P	python3-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38552	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17829	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:10483	P	libapr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38244	P	libQt5WebKit5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10814	P	libxslt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37921	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9925	P	libtasn1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37918	P	libmodplug1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10453	P	hplip-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9993	P	squidGuard on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38708	P	libpango-1_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10752	P	libjson-c-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38780	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9977	P	python-pywbem on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10774	P	libplist++-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39451	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38561	P	colord-gtk-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10447	P	gnome-settings-daemon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18020	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:38253	P	libXfont1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37930	P	libopenssl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10576	P	nut-cgi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38392	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10461	P	lib3ds-1-3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17779	P	Security update for php5 (Moderate)	2020-12-01
oval:org.cisecurity:def:1009	P	DSA-3631-1 -- php5 -- security update	2016-09-16
oval:com.redhat.rhsa:def:20161609	P	RHSA-2016:1609: php security update (Moderate)	2016-08-11
oval:com.redhat.rhsa:def:20161613	P	RHSA-2016:1613: php security and bug fix update (Moderate)	2016-08-11
oval:com.ubuntu.xenial:def:201653850000000	V	CVE-2016-5385 on Ubuntu 16.04 LTS (xenial) - medium.	2016-07-19
oval:com.ubuntu.xenial:def:20165385000	V	CVE-2016-5385 on Ubuntu 16.04 LTS (xenial) - medium.	2016-07-18
oval:com.ubuntu.precise:def:20165385000	V	CVE-2016-5385 on Ubuntu 12.04 LTS (precise) - medium.	2016-07-18
oval:com.ubuntu.trusty:def:20165385000	V	CVE-2016-5385 on Ubuntu 14.04 LTS (trusty) - medium.	2016-07-18

BACK