English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.120633
Categoría:Amazon Linux Local Security Checks
Título:Amazon Linux: Security Advisory (ALAS-2016-643)
Resumen:The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ALAS-2016-643 advisory.
Descripción:Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk' package(s) announced via the ALAS-2016-643 advisory.

Vulnerability Insight:
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483)

An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448)

Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.

Affected Software/OS:
'java-1.7.0-openjdk' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-4871
BugTraq ID: 77238
http://www.securityfocus.com/bid/77238
Debian Security Information: DSA-3381 (Google Search)
http://www.debian.org/security/2015/dsa-3381
Debian Security Information: DSA-3401 (Google Search)
http://www.debian.org/security/2015/dsa-3401
https://security.gentoo.org/glsa/201603-11
https://security.gentoo.org/glsa/201603-14
RedHat Security Advisories: RHSA-2015:1927
http://rhn.redhat.com/errata/RHSA-2015-1927.html
RedHat Security Advisories: RHSA-2015:2506
http://rhn.redhat.com/errata/RHSA-2015-2506.html
RedHat Security Advisories: RHSA-2015:2507
http://rhn.redhat.com/errata/RHSA-2015-2507.html
RedHat Security Advisories: RHSA-2015:2509
http://rhn.redhat.com/errata/RHSA-2015-2509.html
RedHat Security Advisories: RHSA-2016:0053
http://rhn.redhat.com/errata/RHSA-2016-0053.html
RedHat Security Advisories: RHSA-2016:0054
http://rhn.redhat.com/errata/RHSA-2016-0054.html
RedHat Security Advisories: RHSA-2016:1430
https://access.redhat.com/errata/RHSA-2016:1430
http://www.securitytracker.com/id/1033884
SuSE Security Announcement: SUSE-SU-2015:2166 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:2168 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:2182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:2192 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:2216 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
SuSE Security Announcement: SUSE-SU-2015:2268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
SuSE Security Announcement: SUSE-SU-2016:0113 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
SuSE Security Announcement: SUSE-SU-2016:0265 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
SuSE Security Announcement: SUSE-SU-2016:0269 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
SuSE Security Announcement: openSUSE-SU-2016:0268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
SuSE Security Announcement: openSUSE-SU-2016:0272 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:0279 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
http://www.ubuntu.com/usn/USN-2818-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7575
1034541
http://www.securitytracker.com/id/1034541
1036467
http://www.securitytracker.com/id/1036467
79684
http://www.securityfocus.com/bid/79684
91787
http://www.securityfocus.com/bid/91787
DSA-3436
http://www.debian.org/security/2016/dsa-3436
DSA-3437
http://www.debian.org/security/2016/dsa-3437
DSA-3457
http://www.debian.org/security/2016/dsa-3457
DSA-3458
http://www.debian.org/security/2016/dsa-3458
DSA-3465
http://www.debian.org/security/2016/dsa-3465
DSA-3491
http://www.debian.org/security/2016/dsa-3491
DSA-3688
http://www.debian.org/security/2016/dsa-3688
GLSA-201701-46
https://security.gentoo.org/glsa/201701-46
GLSA-201706-18
https://security.gentoo.org/glsa/201706-18
GLSA-201801-15
https://security.gentoo.org/glsa/201801-15
RHSA-2016:0049
http://rhn.redhat.com/errata/RHSA-2016-0049.html
RHSA-2016:0050
http://rhn.redhat.com/errata/RHSA-2016-0050.html
RHSA-2016:0053
RHSA-2016:0054
RHSA-2016:0055
http://rhn.redhat.com/errata/RHSA-2016-0055.html
RHSA-2016:0056
http://rhn.redhat.com/errata/RHSA-2016-0056.html
RHSA-2016:1430
SUSE-SU-2016:0256
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
SUSE-SU-2016:0265
SUSE-SU-2016:0269
USN-2863-1
http://www.ubuntu.com/usn/USN-2863-1
USN-2864-1
http://www.ubuntu.com/usn/USN-2864-1
USN-2865-1
http://www.ubuntu.com/usn/USN-2865-1
USN-2866-1
http://www.ubuntu.com/usn/USN-2866-1
USN-2884-1
http://www.ubuntu.com/usn/USN-2884-1
USN-2904-1
http://www.ubuntu.com/usn/USN-2904-1
http://www.mozilla.org/security/announce/2015/mfsa2015-150.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
https://security.netapp.com/advisory/ntap-20160225-0001/
openSUSE-SU-2015:2405
http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html
openSUSE-SU-2016:0007
http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html
openSUSE-SU-2016:0161
http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html
openSUSE-SU-2016:0162
http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html
openSUSE-SU-2016:0263
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
openSUSE-SU-2016:0268
openSUSE-SU-2016:0270
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
openSUSE-SU-2016:0272
openSUSE-SU-2016:0279
openSUSE-SU-2016:0307
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
openSUSE-SU-2016:0308
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
openSUSE-SU-2016:0488
http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html
openSUSE-SU-2016:0605
http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-0402
BugTraq ID: 81096
http://www.securityfocus.com/bid/81096
Debian Security Information: DSA-3458 (Google Search)
Debian Security Information: DSA-3465 (Google Search)
https://security.gentoo.org/glsa/201610-08
RedHat Security Advisories: RHSA-2016:0049
RedHat Security Advisories: RHSA-2016:0050
RedHat Security Advisories: RHSA-2016:0055
RedHat Security Advisories: RHSA-2016:0056
RedHat Security Advisories: RHSA-2016:0057
http://rhn.redhat.com/errata/RHSA-2016-0057.html
RedHat Security Advisories: RHSA-2016:0067
http://rhn.redhat.com/errata/RHSA-2016-0067.html
http://www.securitytracker.com/id/1034715
SuSE Security Announcement: SUSE-SU-2016:0256 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0263 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0270 (Google Search)
http://www.ubuntu.com/usn/USN-2885-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0448
BugTraq ID: 81123
http://www.securityfocus.com/bid/81123
Common Vulnerability Exposure (CVE) ID: CVE-2016-0466
BugTraq ID: 81118
http://www.securityfocus.com/bid/81118
Common Vulnerability Exposure (CVE) ID: CVE-2016-0483
http://www.zerodayinitiative.com/advisories/ZDI-16-032
Common Vulnerability Exposure (CVE) ID: CVE-2016-0494
CopyrightCopyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.