Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-707)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120696

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2016-707)

Resumen: The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2016-707 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2016-707 advisory.

Vulnerability Insight:
The following security-related issues were resolved:

Out-of-bounds read in imagescale (CVE-2013-7456)
Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096)
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. (CVE-2016-4343)
Integer overflow in php_html_entities() (CVE-2016-5094)
Integer overflow in php_filter_full_special_chars() (CVE-2016-5095)
Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093)

(Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.)

Affected Software/OS:
'php55' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-7456
BugTraq ID: 90859
http://www.securityfocus.com/bid/90859
Debian Security Information: DSA-3587 (Google Search)
http://www.debian.org/security/2016/dsa-3587
Debian Security Information: DSA-3602 (Google Search)
http://www.debian.org/security/2016/dsa-3602
http://www.openwall.com/lists/oss-security/2016/05/26/3
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.ubuntu.com/usn/USN-3030-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-4343
BugTraq ID: 89179
http://www.securityfocus.com/bid/89179
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
http://www.openwall.com/lists/oss-security/2016/04/28/2
SuSE Security Announcement: openSUSE-SU-2016:1357 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5093
BugTraq ID: 90946
http://www.securityfocus.com/bid/90946
Common Vulnerability Exposure (CVE) ID: CVE-2016-5094
BugTraq ID: 90857
http://www.securityfocus.com/bid/90857
Common Vulnerability Exposure (CVE) ID: CVE-2016-5095
BugTraq ID: 92144
http://www.securityfocus.com/bid/92144
Common Vulnerability Exposure (CVE) ID: CVE-2016-5096
BugTraq ID: 90861
http://www.securityfocus.com/bid/90861

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120696
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2016-707)
Resumen:	The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2016-707 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2016-707 advisory. Vulnerability Insight: The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456) Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096) The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. (CVE-2016-4343) Integer overflow in php_html_entities() (CVE-2016-5094) Integer overflow in php_filter_full_special_chars() (CVE-2016-5095) Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093) (Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.) Affected Software/OS: 'php55' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7456 BugTraq ID: 90859 http://www.securityfocus.com/bid/90859 Debian Security Information: DSA-3587 (Google Search) http://www.debian.org/security/2016/dsa-3587 Debian Security Information: DSA-3602 (Google Search) http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/26/3 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.ubuntu.com/usn/USN-3030-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4343 BugTraq ID: 89179 http://www.securityfocus.com/bid/89179 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.openwall.com/lists/oss-security/2016/04/28/2 SuSE Security Announcement: openSUSE-SU-2016:1357 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5093 BugTraq ID: 90946 http://www.securityfocus.com/bid/90946 Common Vulnerability Exposure (CVE) ID: CVE-2016-5094 BugTraq ID: 90857 http://www.securityfocus.com/bid/90857 Common Vulnerability Exposure (CVE) ID: CVE-2016-5095 BugTraq ID: 92144 http://www.securityfocus.com/bid/92144 Common Vulnerability Exposure (CVE) ID: CVE-2016-5096 BugTraq ID: 90861 http://www.securityfocus.com/bid/90861
Copyright	Copyright (C) 2016 Greenbone AG