Test ID:	1.3.6.1.4.1.25623.1.0.120655
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2016-665)
Summary:	The remote host is missing an update for the 'bind' package(s) announced via the ALAS-2016-665 advisory.
Description:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the ALAS-2016-665 advisory. Vulnerability Insight: A defect in control channel input handling was discovered which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel. If control channel input is accepted from the network (limited to localhost by default), an unauthenticated attacker could cause named to crash. (CVE-2016-1285) An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. An attacker able to cause a server to make a query deliberately chosen to generate a malicious response can cause named to stop execution with an assertion failure, resulting in denial of service to clients. (CVE-2016-1286) Affected Software/OS: 'bind' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1285 Debian Security Information: DSA-3511 (Google Search) http://www.debian.org/security/2016/dsa-3511 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html FreeBSD Security Advisory: FreeBSD-SA-16:13 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc https://security.gentoo.org/glsa/201610-07 HPdes Security Advisory: HPSBUX03583 http://marc.info/?l=bugtraq&m=146191105921542&w=2 HPdes Security Advisory: SSRT110084 RedHat Security Advisories: RHSA-2016:0562 http://rhn.redhat.com/errata/RHSA-2016-0562.html RedHat Security Advisories: RHSA-2016:0601 http://rhn.redhat.com/errata/RHSA-2016-0601.html http://www.securitytracker.com/id/1035236 SuSE Security Announcement: SUSE-SU-2016:0759 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html SuSE Security Announcement: SUSE-SU-2016:0780 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html SuSE Security Announcement: SUSE-SU-2016:0825 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html SuSE Security Announcement: SUSE-SU-2016:1541 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html SuSE Security Announcement: openSUSE-SU-2016:0827 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html SuSE Security Announcement: openSUSE-SU-2016:0830 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html SuSE Security Announcement: openSUSE-SU-2016:0834 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html SuSE Security Announcement: openSUSE-SU-2016:0859 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html http://www.ubuntu.com/usn/USN-2925-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1286 http://www.securitytracker.com/id/1035237
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.