Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-361)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120144

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2014-361)

Resumen: The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2014-361 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2014-361 advisory.

Vulnerability Insight:
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

Affected Software/OS:
'php54' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0237
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 67759
http://www.securityfocus.com/bid/67759
Debian Security Information: DSA-3021 (Google Search)
http://www.debian.org/security/2014/dsa-3021
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59061
http://secunia.com/advisories/59329
http://secunia.com/advisories/59418
http://secunia.com/advisories/60998
SuSE Security Announcement: SUSE-SU-2014:0869 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0238
BugTraq ID: 67765
http://www.securityfocus.com/bid/67765

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120144
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-361)
Resumen:	The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2014-361 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2014-361 advisory. Vulnerability Insight: The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. Affected Software/OS: 'php54' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0237 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 67759 http://www.securityfocus.com/bid/67759 Debian Security Information: DSA-3021 (Google Search) http://www.debian.org/security/2014/dsa-3021 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 SuSE Security Announcement: SUSE-SU-2014:0869 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0238 BugTraq ID: 67765 http://www.securityfocus.com/bid/67765
Copyright	Copyright (C) 2015 Greenbone AG