ID de Prueba:	1.3.6.1.4.1.25623.1.0.120291
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-476)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2015-476 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2015-476 advisory. Vulnerability Insight: The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a 'negative groups' issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. (CVE-2014-8989) A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822) Affected Software/OS: 'kernel' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7822 117810 http://www.osvdb.org/117810 36743 https://www.exploit-db.com/exploits/36743/ 72347 http://www.securityfocus.com/bid/72347 DSA-3170 http://www.debian.org/security/2015/dsa-3170 RHSA-2015:0102 http://rhn.redhat.com/errata/RHSA-2015-0102.html RHSA-2015:0164 http://rhn.redhat.com/errata/RHSA-2015-0164.html RHSA-2015:0674 http://rhn.redhat.com/errata/RHSA-2015-0674.html RHSA-2015:0694 http://rhn.redhat.com/errata/RHSA-2015-0694.html SUSE-SU-2015:0529 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html SUSE-SU-2015:0736 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html SUSE-SU-2015:1488 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html USN-2541-1 http://www.ubuntu.com/usn/USN-2541-1 USN-2542-1 http://www.ubuntu.com/usn/USN-2542-1 USN-2543-1 http://www.ubuntu.com/usn/USN-2543-1 USN-2544-1 http://www.ubuntu.com/usn/USN-2544-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1163792 https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958 openSUSE-SU-2015:0714 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html Common Vulnerability Exposure (CVE) ID: CVE-2014-8989 BugTraq ID: 71154 http://www.securityfocus.com/bid/71154 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2014/11/20/4 http://www.ubuntu.com/usn/USN-2515-1 http://www.ubuntu.com/usn/USN-2516-1 http://www.ubuntu.com/usn/USN-2517-1 http://www.ubuntu.com/usn/USN-2518-1
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.