Test Kennung:	1.3.6.1.4.1.25623.1.0.120687
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2016-698)
Zusammenfassung:	The remote host is missing an update for the 'php56, php55' package(s) announced via the ALAS-2016-698 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php56, php55' package(s) announced via the ALAS-2016-698 advisory. Vulnerability Insight: The following security-related issues were resolved: Buffer over-write in finfo_open with malformed magic file (CVE-2015-8865) Signedness vulnerability causing heap overflow in libgd (CVE-2016-3074) Integer overflow in php_raw_url_encode (CVE-2016-4070) Format string vulnerability in php_snmp_error() (CVE-2016-4071) Invalid memory write in phar on filename containing \\0 inside name (CVE-2016-4072) Negative size parameter in memcpy (CVE-2016-4073) Affected Software/OS: 'php56, php55' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8865 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html BugTraq ID: 85802 http://www.securityfocus.com/bid/85802 Debian Security Information: DSA-3560 (Google Search) http://www.debian.org/security/2016/dsa-3560 https://security.gentoo.org/glsa/201611-22 https://security.gentoo.org/glsa/201701-42 http://www.openwall.com/lists/oss-security/2016/04/24/1 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 https://usn.ubuntu.com/3686-1/ https://usn.ubuntu.com/3686-2/ Common Vulnerability Exposure (CVE) ID: CVE-2016-3074 BugTraq ID: 87087 http://www.securityfocus.com/bid/87087 Bugtraq: 20160421 CVE-2016-3074: libgd: signedness vulnerability (Google Search) http://www.securityfocus.com/archive/1/538160/100/0/threaded Debian Security Information: DSA-3556 (Google Search) http://www.debian.org/security/2016/dsa-3556 Debian Security Information: DSA-3602 (Google Search) http://www.debian.org/security/2016/dsa-3602 https://www.exploit-db.com/exploits/39736/ http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html http://seclists.org/fulldisclosure/2016/Apr/72 https://security.gentoo.org/glsa/201607-04 http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html http://www.securitytracker.com/id/1035659 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127 SuSE Security Announcement: openSUSE-SU-2016:1274 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://www.ubuntu.com/usn/USN-2987-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4070 BugTraq ID: 85801 http://www.securityfocus.com/bid/85801 SuSE Security Announcement: SUSE-SU-2016:1277 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html SuSE Security Announcement: openSUSE-SU-2016:1373 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4071 BugTraq ID: 85800 http://www.securityfocus.com/bid/85800 https://www.exploit-db.com/exploits/39645/ Common Vulnerability Exposure (CVE) ID: CVE-2016-4072 BugTraq ID: 85993 http://www.securityfocus.com/bid/85993 Common Vulnerability Exposure (CVE) ID: CVE-2016-4073 BugTraq ID: 85991 http://www.securityfocus.com/bid/85991
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.