Test ID:	1.3.6.1.4.1.25623.1.0.871507
Category:	Red Hat Local Security Checks
Title:	RedHat Update for rest RHSA-2015:2237-03
Summary:	The remote host is missing an update for the 'rest'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'rest' package(s) announced via the referenced advisory. Vulnerability Insight: The rest library was designed to make it easier to access web services that claim to be RESTful. A RESTful service should have URLs that represent remote objects, which methods can then be called on. It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library. (CVE-2015-2675) All users of rest are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using librest must be restarted for the update to take effect. Affected Software/OS: rest on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2675 RHSA-2015:2237 http://rhn.redhat.com/errata/RHSA-2015-2237.html [oss-security] 20150323 Re: CVE request: Invalid pointer dereference in the GNOME librest library http://www.openwall.com/lists/oss-security/2015/03/23/8 https://bugzilla.gnome.org/show_bug.cgi?id=742644 https://bugzilla.redhat.com/show_bug.cgi?id=1183982 https://bugzilla.redhat.com/show_bug.cgi?id=1199049 https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.