Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2015-495)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120169

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2015-495)

Resumen: The remote host is missing an update for the 'glibc' package(s) announced via the ALAS-2015-495 advisory.

Descripción: Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the ALAS-2015-495 advisory.

Vulnerability Insight:
An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040)

It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121)

Affected Software/OS:
'glibc' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-6040
62100
http://secunia.com/advisories/62100
62146
http://secunia.com/advisories/62146
69472
http://www.securityfocus.com/bid/69472
DSA-3142
http://www.debian.org/security/2015/dsa-3142
GLSA-201602-02
https://security.gentoo.org/glsa/201602-02
MDVSA-2014:175
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
USN-2432-1
http://ubuntu.com/usn/usn-2432-1
[oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages
http://www.openwall.com/lists/oss-security/2014/08/29/3
[oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages
http://www.openwall.com/lists/oss-security/2014/09/02/1
http://linux.oracle.com/errata/ELSA-2015-0016.html
https://sourceware.org/bugzilla/show_bug.cgi?id=17325
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6
Common Vulnerability Exposure (CVE) ID: CVE-2014-8121
73038
http://www.securityfocus.com/bid/73038
DSA-3480
http://www.debian.org/security/2016/dsa-3480
RHSA-2015:0327
http://rhn.redhat.com/errata/RHSA-2015-0327.html
SUSE-SU-2015:1424
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
SUSE-SU-2016:0470
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
USN-2985-1
http://www.ubuntu.com/usn/USN-2985-1
USN-2985-2
http://www.ubuntu.com/usn/USN-2985-2
[libc-alpha] 20150223 [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]
https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html
https://bugzilla.redhat.com/show_bug.cgi?id=1165192

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120169
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-495)
Resumen:	The remote host is missing an update for the 'glibc' package(s) announced via the ALAS-2015-495 advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the ALAS-2015-495 advisory. Vulnerability Insight: An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. (CVE-2014-6040) It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121) Affected Software/OS: 'glibc' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-6040 62100 http://secunia.com/advisories/62100 62146 http://secunia.com/advisories/62146 69472 http://www.securityfocus.com/bid/69472 DSA-3142 http://www.debian.org/security/2015/dsa-3142 GLSA-201602-02 https://security.gentoo.org/glsa/201602-02 MDVSA-2014:175 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 USN-2432-1 http://ubuntu.com/usn/usn-2432-1 [oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages http://www.openwall.com/lists/oss-security/2014/08/29/3 [oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages http://www.openwall.com/lists/oss-security/2014/09/02/1 http://linux.oracle.com/errata/ELSA-2015-0016.html https://sourceware.org/bugzilla/show_bug.cgi?id=17325 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6 Common Vulnerability Exposure (CVE) ID: CVE-2014-8121 73038 http://www.securityfocus.com/bid/73038 DSA-3480 http://www.debian.org/security/2016/dsa-3480 RHSA-2015:0327 http://rhn.redhat.com/errata/RHSA-2015-0327.html SUSE-SU-2015:1424 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html SUSE-SU-2016:0470 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html USN-2985-1 http://www.ubuntu.com/usn/USN-2985-1 USN-2985-2 http://www.ubuntu.com/usn/USN-2985-2 [libc-alpha] 20150223 [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007] https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html https://bugzilla.redhat.com/show_bug.cgi?id=1165192
Copyright	Copyright (C) 2015 Greenbone AG