Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-63)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120585

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-63)

Resumen: The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2012-63 advisory.

Descripción: Summary:
The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2012-63 advisory.

Vulnerability Insight:
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Affected Software/OS:
'nginx' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1180
1026827
http://www.securitytracker.com/id?1026827
20120315 nginx fix for malformed HTTP responses from upstream servers
http://seclists.org/bugtraq/2012/Mar/65
48465
http://secunia.com/advisories/48465
48577
http://secunia.com/advisories/48577
52578
http://www.securityfocus.com/bid/52578
80124
http://osvdb.org/80124
DSA-2434
http://www.debian.org/security/2012/dsa-2434
FEDORA-2012-3846
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html
FEDORA-2012-3991
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html
FEDORA-2012-4006
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html
GLSA-201203-22
http://security.gentoo.org/glsa/glsa-201203-22.xml
MDVSA-2012:043
http://www.mandriva.com/security/advisories?name=MDVSA-2012:043
[oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers
http://www.openwall.com/lists/oss-security/2012/03/15/5
[oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers
http://www.openwall.com/lists/oss-security/2012/03/15/9
http://nginx.org/download/patch.2012.memory.txt
http://nginx.org/en/security_advisories.html
http://trac.nginx.org/nginx/changeset/4530/nginx
http://trac.nginx.org/nginx/changeset/4531/nginx
https://bugzilla.redhat.com/show_bug.cgi?id=803856
nginx-ngxcpystrn-info-disclosure(74191)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74191
openSUSE-SU-2012:0469
https://hermes.opensuse.org/messages/14173096

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120585
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-63)
Resumen:	The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2012-63 advisory.
Descripción:	Summary: The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2012-63 advisory. Vulnerability Insight: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Affected Software/OS: 'nginx' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1180 1026827 http://www.securitytracker.com/id?1026827 20120315 nginx fix for malformed HTTP responses from upstream servers http://seclists.org/bugtraq/2012/Mar/65 48465 http://secunia.com/advisories/48465 48577 http://secunia.com/advisories/48577 52578 http://www.securityfocus.com/bid/52578 80124 http://osvdb.org/80124 DSA-2434 http://www.debian.org/security/2012/dsa-2434 FEDORA-2012-3846 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html FEDORA-2012-3991 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html FEDORA-2012-4006 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html GLSA-201203-22 http://security.gentoo.org/glsa/glsa-201203-22.xml MDVSA-2012:043 http://www.mandriva.com/security/advisories?name=MDVSA-2012:043 [oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/5 [oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers http://www.openwall.com/lists/oss-security/2012/03/15/9 http://nginx.org/download/patch.2012.memory.txt http://nginx.org/en/security_advisories.html http://trac.nginx.org/nginx/changeset/4530/nginx http://trac.nginx.org/nginx/changeset/4531/nginx https://bugzilla.redhat.com/show_bug.cgi?id=803856 nginx-ngxcpystrn-info-disclosure(74191) https://exchange.xforce.ibmcloud.com/vulnerabilities/74191 openSUSE-SU-2012:0469 https://hermes.opensuse.org/messages/14173096
Copyright	Copyright (C) 2015 Greenbone AG