
Test ID: 1.3.6.1.4.1.25623.1.0.120687
Category: Amazon Linux Local Security Checks
Title: Amazon Linux: Security Advisory (ALAS-2016-698)
Summary: The remote host is missing an update for the 'php56, php55' package(s) announced via the ALAS-2016-698 advisory.
Description:
Summary:
The remote host is missing an update for the 'php56, php55' package(s) announced via the ALAS-2016-698 advisory.

Vulnerability Insight:
The following security-related issues were resolved:

Buffer over-write in finfo_open with malformed magic file (CVE-2015-8865)
Signedness vulnerability causing heap overflow in libgd (CVE-2016-3074)
Integer overflow in php_raw_url_encode (CVE-2016-4070)
Format string vulnerability in php_snmp_error() (CVE-2016-4071)
Invalid memory write in phar on filename containing \0 inside name (CVE-2016-4072)
Negative size parameter in memcpy (CVE-2016-4073)

Affected Software/OS:
'php56, php55' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2015-8865
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
BugTraq ID: 85802
http://www.securityfocus.com/bid/85802
Debian Security Information: DSA-3560
http://www.debian.org/security/2016/dsa-3560
https://security.gentoo.org/glsa/201611-22
https://security.gentoo.org/glsa/201701-42
http://www.openwall.com/lists/oss-security/2016/04/24/1
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
SuSE Security Announcement: openSUSE-SU-2016:1167
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
https://usn.ubuntu.com/3686-1/
https://usn.ubuntu.com/3686-2/
Common Vulnerability Exposure (CVE) ID: CVE-2016-3074
BugTraq ID: 87087
http://www.securityfocus.com/bid/87087
Bugtraq: 20160421 CVE-2016-3074: libgd: signedness vulnerability
http://www.securityfocus.com/archive/1/538160/100/0/threaded
Debian Security Information: DSA-3556
http://www.debian.org/security/2016/dsa-3556
Debian Security Information: DSA-3602
http://www.debian.org/security/2016/dsa-3602
https://www.exploit-db.com/exploits/39736/
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html
http://seclists.org/fulldisclosure/2016/Apr/72
https://security.gentoo.org/glsa/201607-04
http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html
http://www.securitytracker.com/id/1035659
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127
SuSE Security Announcement: openSUSE-SU-2016:1274
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
http://www.ubuntu.com/usn/USN-2987-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-4070
BugTraq ID: 85801
http://www.securityfocus.com/bid/85801
SuSE Security Announcement: SUSE-SU-2016:1277
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
SuSE Security Announcement: openSUSE-SU-2016:1373
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4071
BugTraq ID: 85800
http://www.securityfocus.com/bid/85800
https://www.exploit-db.com/exploits/39645/
Common Vulnerability Exposure (CVE) ID: CVE-2016-4072
BugTraq ID: 85993
http://www.securityfocus.com/bid/85993
Common Vulnerability Exposure (CVE) ID: CVE-2016-4073
BugTraq ID: 85991
http://www.securityfocus.com/bid/85991
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.