Test Kennung:	1.3.6.1.4.1.25623.1.0.120511
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2015-588)
Zusammenfassung:	The remote host is missing an update for the 'golang, docker' package(s) announced via the ALAS-2015-588 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'golang, docker' package(s) announced via the ALAS-2015-588 advisory. Vulnerability Insight: As discussed upstream -- here and here -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers (like 'Content Length:' with a space in the middle) and Double Content-length headers in a request does not generate a 400 error, the second Content-length is ignored. Affected Software/OS: 'golang, docker' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5739 BugTraq ID: 76281 http://www.securityfocus.com/bid/76281 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 RedHat Security Advisories: RHSA-2016:1538 http://rhn.redhat.com/errata/RHSA-2016-1538.html Common Vulnerability Exposure (CVE) ID: CVE-2015-5740 Common Vulnerability Exposure (CVE) ID: CVE-2015-5741 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.