Test Kennung:	1.3.6.1.4.1.25623.1.0.120696
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2016-707)
Zusammenfassung:	The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2016-707 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2016-707 advisory. Vulnerability Insight: The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456) Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096) The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. (CVE-2016-4343) Integer overflow in php_html_entities() (CVE-2016-5094) Integer overflow in php_filter_full_special_chars() (CVE-2016-5095) Out-of-bounds heap read in get_icu_value_internal (CVE-2016-5093) (Updated 2016-06-15: CVE-2016-5095 was fixed in this version, but was not previously listed in this errata.) Affected Software/OS: 'php55' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7456 BugTraq ID: 90859 http://www.securityfocus.com/bid/90859 Debian Security Information: DSA-3587 (Google Search) http://www.debian.org/security/2016/dsa-3587 Debian Security Information: DSA-3602 (Google Search) http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/26/3 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.ubuntu.com/usn/USN-3030-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4343 BugTraq ID: 89179 http://www.securityfocus.com/bid/89179 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.openwall.com/lists/oss-security/2016/04/28/2 SuSE Security Announcement: openSUSE-SU-2016:1357 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5093 BugTraq ID: 90946 http://www.securityfocus.com/bid/90946 Common Vulnerability Exposure (CVE) ID: CVE-2016-5094 BugTraq ID: 90857 http://www.securityfocus.com/bid/90857 Common Vulnerability Exposure (CVE) ID: CVE-2016-5095 BugTraq ID: 92144 http://www.securityfocus.com/bid/92144 Common Vulnerability Exposure (CVE) ID: CVE-2016-5096 BugTraq ID: 90861 http://www.securityfocus.com/bid/90861
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.