Red Hat Local Security Checks : RedHat Update for rest RHSA-2015:2237-03

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871507

Categoría: Red Hat Local Security Checks

Título: RedHat Update for rest RHSA-2015:2237-03

Resumen: The remote host is missing an update for the 'rest'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'rest'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The rest library was designed to make it
easier to access web services that claim to be RESTful. A RESTful service should
have URLs that represent remote objects, which methods can then be called on.

It was found that the OAuth implementation in librest, a helper library for
RESTful services, incorrectly truncated the pointer returned by the
rest_proxy_call_get_url call. An attacker could use this flaw to crash an
application using the librest library. (CVE-2015-2675)

All users of rest are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using librest must be restarted for the update to
take effect.

Affected Software/OS:
rest on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-2675
RHSA-2015:2237
http://rhn.redhat.com/errata/RHSA-2015-2237.html
[oss-security] 20150323 Re: CVE request: Invalid pointer dereference in the GNOME librest library
http://www.openwall.com/lists/oss-security/2015/03/23/8
https://bugzilla.gnome.org/show_bug.cgi?id=742644
https://bugzilla.redhat.com/show_bug.cgi?id=1183982
https://bugzilla.redhat.com/show_bug.cgi?id=1199049
https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871507
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for rest RHSA-2015:2237-03
Resumen:	The remote host is missing an update for the 'rest'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'rest' package(s) announced via the referenced advisory. Vulnerability Insight: The rest library was designed to make it easier to access web services that claim to be RESTful. A RESTful service should have URLs that represent remote objects, which methods can then be called on. It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library. (CVE-2015-2675) All users of rest are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using librest must be restarted for the update to take effect. Affected Software/OS: rest on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2675 RHSA-2015:2237 http://rhn.redhat.com/errata/RHSA-2015-2237.html [oss-security] 20150323 Re: CVE request: Invalid pointer dereference in the GNOME librest library http://www.openwall.com/lists/oss-security/2015/03/23/8 https://bugzilla.gnome.org/show_bug.cgi?id=742644 https://bugzilla.redhat.com/show_bug.cgi?id=1183982 https://bugzilla.redhat.com/show_bug.cgi?id=1199049 https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329
Copyright	Copyright (C) 2015 Greenbone AG