English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.120690
Categoría:Amazon Linux Local Security Checks
Título:Amazon Linux: Security Advisory (ALAS-2016-701)
Resumen:The remote host is missing an update for the 'mysql56' package(s) announced via the ALAS-2016-701 advisory.
Descripción:Summary:
The remote host is missing an update for the 'mysql56' package(s) announced via the ALAS-2016-701 advisory.

Vulnerability Insight:
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. (CVE-2016-0705)

The ssl_verify_server_cert function in sql-common/client.c in Oracle MySQL 5.6.29 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a '/CN=' string in a field in a certificate, as demonstrated by '/OU=/CN=bar.com/CN=foo.com'. (CVE-2016-2047)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. (CVE-2016-0639)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier allows local users to affect availability via vectors related to FTS. (CVE-2016-0647)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier allows local users to affect integrity and availability via vectors related to Federated. (CVE-2016-0642)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier allows local users to affect confidentiality via vectors related to DML. (CVE-2016-0643)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier allows local users to affect availability via vectors related to Security: Privileges. (CVE-2016-0666)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier allows local users to affect availability via vectors related to PS. (CVE-2016-0648)

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier allows local users to affect availability via vectors related to InnoDB. (CVE-2016-0655)

Affected Software/OS:
'mysql56' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-0639
BugTraq ID: 86418
http://www.securityfocus.com/bid/86418
RedHat Security Advisories: RHSA-2016:0705
http://rhn.redhat.com/errata/RHSA-2016-0705.html
http://www.securitytracker.com/id/1035606
SuSE Security Announcement: openSUSE-SU-2016:1332 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html
http://www.ubuntu.com/usn/USN-2953-1
http://www.ubuntu.com/usn/USN-2954-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0642
BugTraq ID: 86445
http://www.securityfocus.com/bid/86445
Debian Security Information: DSA-3557 (Google Search)
http://www.debian.org/security/2016/dsa-3557
RedHat Security Advisories: RHSA-2016:0534
http://rhn.redhat.com/errata/RHSA-2016-0534.html
RedHat Security Advisories: RHSA-2016:1132
https://access.redhat.com/errata/RHSA-2016:1132
RedHat Security Advisories: RHSA-2016:1480
http://rhn.redhat.com/errata/RHSA-2016-1480.html
RedHat Security Advisories: RHSA-2016:1481
http://rhn.redhat.com/errata/RHSA-2016-1481.html
SuSE Security Announcement: SUSE-SU-2016:1279 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html
SuSE Security Announcement: SUSE-SU-2016:1619 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html
SuSE Security Announcement: SUSE-SU-2016:1620 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html
SuSE Security Announcement: openSUSE-SU-2016:1664 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html
SuSE Security Announcement: openSUSE-SU-2016:1686 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-0643
BugTraq ID: 86486
http://www.securityfocus.com/bid/86486
Debian Security Information: DSA-3595 (Google Search)
http://www.debian.org/security/2016/dsa-3595
RedHat Security Advisories: RHSA-2016:1602
http://rhn.redhat.com/errata/RHSA-2016-1602.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-0647
BugTraq ID: 86495
http://www.securityfocus.com/bid/86495
Common Vulnerability Exposure (CVE) ID: CVE-2016-0648
BugTraq ID: 86457
http://www.securityfocus.com/bid/86457
Common Vulnerability Exposure (CVE) ID: CVE-2016-0655
BugTraq ID: 86424
http://www.securityfocus.com/bid/86424
Common Vulnerability Exposure (CVE) ID: CVE-2016-0666
BugTraq ID: 86509
http://www.securityfocus.com/bid/86509
Common Vulnerability Exposure (CVE) ID: CVE-2016-0705
BugTraq ID: 83754
http://www.securityfocus.com/bid/83754
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
Debian Security Information: DSA-3500 (Google Search)
http://www.debian.org/security/2016/dsa-3500
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
FreeBSD Security Advisory: FreeBSD-SA-16:12
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
HPdes Security Advisory: HPSBGN03563
http://marc.info/?l=bugtraq&m=145889460330120&w=2
HPdes Security Advisory: HPSBGN03569
http://marc.info/?l=bugtraq&m=145983526810210&w=2
HPdes Security Advisory: HPSBMU03575
http://marc.info/?l=bugtraq&m=146108058503441&w=2
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713
http://www.securitytracker.com/id/1035133
SuSE Security Announcement: SUSE-SU-2016:0617 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
SuSE Security Announcement: SUSE-SU-2016:0620 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
SuSE Security Announcement: SUSE-SU-2016:0621 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
SuSE Security Announcement: SUSE-SU-2016:0624 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
SuSE Security Announcement: SUSE-SU-2016:0631 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:1057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:0627 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
SuSE Security Announcement: openSUSE-SU-2016:0628 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
SuSE Security Announcement: openSUSE-SU-2016:0637 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
SuSE Security Announcement: openSUSE-SU-2016:0638 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2016:1566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
http://www.ubuntu.com/usn/USN-2914-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2047
BugTraq ID: 81810
http://www.securityfocus.com/bid/81810
Debian Security Information: DSA-3453 (Google Search)
http://www.debian.org/security/2016/dsa-3453
http://www.openwall.com/lists/oss-security/2016/01/26/3
CopyrightCopyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.