Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2016-0465)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122910

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2016-0465)

Resumen: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2016-0465 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2016-0465 advisory.

Vulnerability Insight:
[6.6.1p1-25 + 0.9.3-9]
- CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)

[6.6.1p1-24 + 0.9.3-9]
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317818)

Affected Software/OS:
'openssh' package(s) on Oracle Linux 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1908
BugTraq ID: 84427
http://www.securityfocus.com/bid/84427
https://security.gentoo.org/glsa/201612-18
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://openwall.com/lists/oss-security/2016/01/15/13
RedHat Security Advisories: RHSA-2016:0465
http://rhn.redhat.com/errata/RHSA-2016-0465.html
RedHat Security Advisories: RHSA-2016:0741
http://rhn.redhat.com/errata/RHSA-2016-0741.html
http://www.securitytracker.com/id/1034705
Common Vulnerability Exposure (CVE) ID: CVE-2016-3115
BugTraq ID: 84314
http://www.securityfocus.com/bid/84314
https://www.exploit-db.com/exploits/39569/
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
FreeBSD Security Advisory: FreeBSD-SA-16:14
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
http://seclists.org/fulldisclosure/2016/Mar/46
http://seclists.org/fulldisclosure/2016/Mar/47
http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
RedHat Security Advisories: RHSA-2016:0466
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://www.securitytracker.com/id/1035249

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122910
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2016-0465)
Resumen:	The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2016-0465 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2016-0465 advisory. Vulnerability Insight: [6.6.1p1-25 + 0.9.3-9] - CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741) [6.6.1p1-24 + 0.9.3-9] - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317818) Affected Software/OS: 'openssh' package(s) on Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1908 BugTraq ID: 84427 http://www.securityfocus.com/bid/84427 https://security.gentoo.org/glsa/201612-18 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html http://openwall.com/lists/oss-security/2016/01/15/13 RedHat Security Advisories: RHSA-2016:0465 http://rhn.redhat.com/errata/RHSA-2016-0465.html RedHat Security Advisories: RHSA-2016:0741 http://rhn.redhat.com/errata/RHSA-2016-0741.html http://www.securitytracker.com/id/1034705 Common Vulnerability Exposure (CVE) ID: CVE-2016-3115 BugTraq ID: 84314 http://www.securityfocus.com/bid/84314 https://www.exploit-db.com/exploits/39569/ http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html FreeBSD Security Advisory: FreeBSD-SA-16:14 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc http://seclists.org/fulldisclosure/2016/Mar/46 http://seclists.org/fulldisclosure/2016/Mar/47 http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 RedHat Security Advisories: RHSA-2016:0466 http://rhn.redhat.com/errata/RHSA-2016-0466.html http://www.securitytracker.com/id/1035249
Copyright	Copyright (C) 2016 Greenbone AG