Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2016-655)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.120645

Kategorie: Amazon Linux Local Security Checks

Titel: Amazon Linux: Security Advisory (ALAS-2016-655)

Zusammenfassung: The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2016-655 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2016-655 advisory.

Vulnerability Insight:
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742)

A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746)

It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747)

Affected Software/OS:
'nginx' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-0742
Debian Security Information: DSA-3473 (Google Search)
http://www.debian.org/security/2016/dsa-3473
http://seclists.org/fulldisclosure/2021/Sep/36
https://security.gentoo.org/glsa/201606-06
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
RedHat Security Advisories: RHSA-2016:1425
https://access.redhat.com/errata/RHSA-2016:1425
http://www.securitytracker.com/id/1034869
SuSE Security Announcement: openSUSE-SU-2016:0371 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
http://www.ubuntu.com/usn/USN-2892-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0746
Common Vulnerability Exposure (CVE) ID: CVE-2016-0747

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.120645
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2016-655)
Zusammenfassung:	The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2016-655 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'nginx' package(s) announced via the ALAS-2016-655 advisory. Vulnerability Insight: It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. (CVE-2016-0742) A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. (CVE-2016-0746) It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. (CVE-2016-0747) Affected Software/OS: 'nginx' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0742 Debian Security Information: DSA-3473 (Google Search) http://www.debian.org/security/2016/dsa-3473 http://seclists.org/fulldisclosure/2021/Sep/36 https://security.gentoo.org/glsa/201606-06 http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html RedHat Security Advisories: RHSA-2016:1425 https://access.redhat.com/errata/RHSA-2016:1425 http://www.securitytracker.com/id/1034869 SuSE Security Announcement: openSUSE-SU-2016:0371 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://www.ubuntu.com/usn/USN-2892-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-0746 Common Vulnerability Exposure (CVE) ID: CVE-2016-0747
Copyright	Copyright (C) 2016 Greenbone AG