ID de Prueba:	1.3.6.1.4.1.25623.1.0.120171
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-497)
Resumen:	The remote host is missing an update for the 'file' package(s) announced via the ALAS-2015-497 advisory.
Descripción:	Summary: The remote host is missing an update for the 'file' package(s) announced via the ALAS-2015-497 advisory. Vulnerability Insight: The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620) The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (CVE-2014-8116) It was reported that a malformed elf file can cause file urility to access invalid memory. (CVE-2014-9653) The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. (CVE-2014-9621) softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (CVE-2014-8117) Affected Software/OS: 'file' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8116 BugTraq ID: 71700 http://www.securityfocus.com/bid/71700 FreeBSD Security Advisory: FreeBSD-SA-14:28 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc http://seclists.org/oss-sec/2014/q4/1056 RedHat Security Advisories: RHSA-2016:0760 http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.securitytracker.com/id/1031344 http://secunia.com/advisories/61944 http://secunia.com/advisories/62081 http://www.ubuntu.com/usn/USN-2494-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8117 BugTraq ID: 71692 http://www.securityfocus.com/bid/71692 http://www.ubuntu.com/usn/USN-2535-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-9620 BugTraq ID: 71715 http://www.securityfocus.com/bid/71715 Debian Security Information: DSA-3121 (Google Search) http://www.debian.org/security/2015/dsa-3121 https://security.gentoo.org/glsa/201503-08 http://mx.gw.com/pipermail/file/2014/001653.html http://mx.gw.com/pipermail/file/2015/001660.html http://www.openwall.com/lists/oss-security/2015/01/17/9 https://usn.ubuntu.com/3686-1/ Common Vulnerability Exposure (CVE) ID: CVE-2014-9621 http://mx.gw.com/pipermail/file/2014/001654.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9653 BugTraq ID: 72516 http://www.securityfocus.com/bid/72516 Debian Security Information: DSA-3196 (Google Search) http://www.debian.org/security/2015/dsa-3196 https://security.gentoo.org/glsa/201701-42 HPdes Security Advisory: HPSBMU03380 http://marc.info/?l=bugtraq&m=143748090628601&w=2 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://mx.gw.com/pipermail/file/2014/001649.html http://openwall.com/lists/oss-security/2015/02/05/13
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.