Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2015-524)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120056

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2015-524)

Resumen: The remote host is missing an update for the 'php' package(s) announced via the ALAS-2015-524 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php' package(s) announced via the ALAS-2015-524 advisory.

Vulnerability Insight:
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Affected Software/OS:
'php' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-2305
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 72611
http://www.securityfocus.com/bid/72611
CERT/CC vulnerability note: VU#695940
http://www.kb.cert.org/vuls/id/695940
Debian Security Information: DSA-3195 (Google Search)
http://www.debian.org/security/2015/dsa-3195
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: SSRT102066
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
http://openwall.com/lists/oss-security/2015/02/07/14
http://openwall.com/lists/oss-security/2015/03/11/8
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://www.securitytracker.com/id/1031947
SuSE Security Announcement: SUSE-SU-2015:0868 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
SuSE Security Announcement: SUSE-SU-2015:0946 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
SuSE Security Announcement: openSUSE-SU-2015:0644 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
SuSE Security Announcement: openSUSE-SU-2015:0906 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html
http://www.ubuntu.com/usn/USN-2572-1
http://www.ubuntu.com/usn/USN-2594-1

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120056
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-524)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the ALAS-2015-524 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the ALAS-2015-524 advisory. Vulnerability Insight: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. Affected Software/OS: 'php' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2305 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 72611 http://www.securityfocus.com/bid/72611 CERT/CC vulnerability note: VU#695940 http://www.kb.cert.org/vuls/id/695940 Debian Security Information: DSA-3195 (Google Search) http://www.debian.org/security/2015/dsa-3195 HPdes Security Advisory: HPSBUX03337 http://marc.info/?l=bugtraq&m=143403519711434&w=2 HPdes Security Advisory: SSRT102066 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ http://openwall.com/lists/oss-security/2015/02/07/14 http://openwall.com/lists/oss-security/2015/03/11/8 RedHat Security Advisories: RHSA-2015:1053 http://rhn.redhat.com/errata/RHSA-2015-1053.html RedHat Security Advisories: RHSA-2015:1066 http://rhn.redhat.com/errata/RHSA-2015-1066.html http://www.securitytracker.com/id/1031947 SuSE Security Announcement: SUSE-SU-2015:0868 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html SuSE Security Announcement: SUSE-SU-2015:0946 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html SuSE Security Announcement: openSUSE-SU-2015:0644 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html SuSE Security Announcement: openSUSE-SU-2015:0906 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html http://www.ubuntu.com/usn/USN-2572-1 http://www.ubuntu.com/usn/USN-2594-1
Copyright	Copyright (C) 2015 Greenbone AG