Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2015-478)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120281

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2015-478)

Resumen: The remote host is missing an update for the 'e2fsprogs' package(s) announced via the ALAS-2015-478 advisory.

Descripción: Summary:
The remote host is missing an update for the 'e2fsprogs' package(s) announced via the ALAS-2015-478 advisory.

Vulnerability Insight:
A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library (for example, fsck) to crash or, possibly, execute arbitrary code.

Affected Software/OS:
'e2fsprogs' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-0247
BugTraq ID: 72520
http://www.securityfocus.com/bid/72520
Bugtraq: 20150205 [oCERT-2015-002] e2fsprogs input sanitization errors (Google Search)
http://www.securityfocus.com/archive/1/534633/100/0/threaded
Debian Security Information: DSA-3166 (Google Search)
http://www.debian.org/security/2015/dsa-3166
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html
https://security.gentoo.org/glsa/201701-06
http://www.mandriva.com/security/advisories?name=MDVSA-2015:045
http://www.mandriva.com/security/advisories?name=MDVSA-2015:067
http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html
http://www.ocert.org/advisories/ocert-2015-002.html
SuSE Security Announcement: SUSE-SU-2015:1103 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html
SuSE Security Announcement: openSUSE-SU-2015:1006 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html
http://www.ubuntu.com/usn/USN-2507-1
XForce ISS Database: e2fsprogs-cve20150247-bo(100740)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100740

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120281
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-478)
Resumen:	The remote host is missing an update for the 'e2fsprogs' package(s) announced via the ALAS-2015-478 advisory.
Descripción:	Summary: The remote host is missing an update for the 'e2fsprogs' package(s) announced via the ALAS-2015-478 advisory. Vulnerability Insight: A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library (for example, fsck) to crash or, possibly, execute arbitrary code. Affected Software/OS: 'e2fsprogs' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0247 BugTraq ID: 72520 http://www.securityfocus.com/bid/72520 Bugtraq: 20150205 [oCERT-2015-002] e2fsprogs input sanitization errors (Google Search) http://www.securityfocus.com/archive/1/534633/100/0/threaded Debian Security Information: DSA-3166 (Google Search) http://www.debian.org/security/2015/dsa-3166 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html https://security.gentoo.org/glsa/201701-06 http://www.mandriva.com/security/advisories?name=MDVSA-2015:045 http://www.mandriva.com/security/advisories?name=MDVSA-2015:067 http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html http://www.ocert.org/advisories/ocert-2015-002.html SuSE Security Announcement: SUSE-SU-2015:1103 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html SuSE Security Announcement: openSUSE-SU-2015:1006 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html http://www.ubuntu.com/usn/USN-2507-1 XForce ISS Database: e2fsprogs-cve20150247-bo(100740) https://exchange.xforce.ibmcloud.com/vulnerabilities/100740
Copyright	Copyright (C) 2015 Greenbone AG