Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2015-475)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120292

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2015-475)

Resumen: The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2015-475 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2015-475 advisory.

Vulnerability Insight:
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. (CVE-2014-9427)

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. (CVE-2015-0231)

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. (CVE-2015-0232)

Affected Software/OS:
'php54' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9427
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 71833
http://www.securityfocus.com/bid/71833
https://security.gentoo.org/glsa/201503-03
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:032
http://openwall.com/lists/oss-security/2014/12/31/6
http://openwall.com/lists/oss-security/2015/01/01/1
http://openwall.com/lists/oss-security/2015/01/03/4
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0231
BugTraq ID: 72539
http://www.securityfocus.com/bid/72539
Debian Security Information: DSA-3195 (Google Search)
http://www.debian.org/security/2015/dsa-3195
https://security.gentoo.org/glsa/201606-10
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: SSRT102066
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0232
BugTraq ID: 72541
http://www.securityfocus.com/bid/72541
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120292
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-475)
Resumen:	The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2015-475 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php54' package(s) announced via the ALAS-2015-475 advisory. Vulnerability Insight: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. (CVE-2014-9427) Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. (CVE-2015-0231) The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. (CVE-2015-0232) Affected Software/OS: 'php54' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9427 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 71833 http://www.securityfocus.com/bid/71833 https://security.gentoo.org/glsa/201503-03 HPdes Security Advisory: HPSBMU03380 http://marc.info/?l=bugtraq&m=143748090628601&w=2 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:032 http://openwall.com/lists/oss-security/2014/12/31/6 http://openwall.com/lists/oss-security/2015/01/01/1 http://openwall.com/lists/oss-security/2015/01/03/4 RedHat Security Advisories: RHSA-2015:1053 http://rhn.redhat.com/errata/RHSA-2015-1053.html RedHat Security Advisories: RHSA-2015:1066 http://rhn.redhat.com/errata/RHSA-2015-1066.html SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html Common Vulnerability Exposure (CVE) ID: CVE-2015-0231 BugTraq ID: 72539 http://www.securityfocus.com/bid/72539 Debian Security Information: DSA-3195 (Google Search) http://www.debian.org/security/2015/dsa-3195 https://security.gentoo.org/glsa/201606-10 HPdes Security Advisory: HPSBUX03337 http://marc.info/?l=bugtraq&m=143403519711434&w=2 HPdes Security Advisory: SSRT102066 http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html Common Vulnerability Exposure (CVE) ID: CVE-2015-0232 BugTraq ID: 72541 http://www.securityfocus.com/bid/72541 RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html
Copyright	Copyright (C) 2015 Greenbone AG