 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.120396 |
| Kategorie: | Amazon Linux Local Security Checks |
| Titel: | Amazon Linux: Security Advisory (ALAS-2015-602) |
| Zusammenfassung: | The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2015-602 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2015-602 advisory. Vulnerability Insight: As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. (CVE-2015-7803 ) A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834, CVE-2015-6835, CVE-2015-6836) A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838) As reported upstream, an uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name '/ZIP' could cause a PHP application function to crash. (CVE-2015-7804) Affected Software/OS: 'php55' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-6834 BugTraq ID: 76649 http://www.securityfocus.com/bid/76649 Debian Security Information: DSA-3358 (Google Search) http://www.debian.org/security/2015/dsa-3358 https://security.gentoo.org/glsa/201606-10 http://www.securitytracker.com/id/1033548 Common Vulnerability Exposure (CVE) ID: CVE-2015-6835 BugTraq ID: 76734 http://www.securityfocus.com/bid/76734 Common Vulnerability Exposure (CVE) ID: CVE-2015-6836 BugTraq ID: 76644 http://www.securityfocus.com/bid/76644 Common Vulnerability Exposure (CVE) ID: CVE-2015-6837 BugTraq ID: 76738 http://www.securityfocus.com/bid/76738 Common Vulnerability Exposure (CVE) ID: CVE-2015-6838 BugTraq ID: 76733 http://www.securityfocus.com/bid/76733 Common Vulnerability Exposure (CVE) ID: CVE-2015-7803 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html BugTraq ID: 76959 http://www.securityfocus.com/bid/76959 Debian Security Information: DSA-3380 (Google Search) http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720 SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html SuSE Security Announcement: openSUSE-SU-2016:0251 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html SuSE Security Announcement: openSUSE-SU-2016:0366 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html http://www.ubuntu.com/usn/USN-2786-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7804 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |