ID de Prueba:	1.3.6.1.4.1.25623.1.0.123197
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2015-0092)
Resumen:	The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2015-0092 advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the ELSA-2015-0092 advisory. Vulnerability Insight: Oracle Linux 7: [2.17-55.0.4.el7_0.5] - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi) [2.17-55.5] - Rebuild and run regression testing. [2.17-55.4] - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535). [2.17-55.3] - Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118) [2.17-55.2] - ftell: seek to end only when there are unflushed bytes (#1170187). [2.17-55.1] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, Oracle Linux 6 : [2.12-1.149.5] - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533). Affected Software/OS: 'glibc' package(s) on Oracle Linux 6, Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0235 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html BugTraq ID: 72325 http://www.securityfocus.com/bid/72325 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search) http://seclists.org/oss-sec/2015/q1/269 Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search) http://seclists.org/oss-sec/2015/q1/274 Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search) http://www.securityfocus.com/archive/1/534845/100/0/threaded Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) https://seclists.org/bugtraq/2019/Jun/14 Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost Debian Security Information: DSA-3142 (Google Search) http://www.debian.org/security/2015/dsa-3142 http://seclists.org/fulldisclosure/2015/Jan/111 http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2021/Sep/0 http://seclists.org/fulldisclosure/2022/Jun/36 https://security.gentoo.org/glsa/201503-04 HPdes Security Advisory: HPSBGN03247 http://marc.info/?l=bugtraq&m=142296726407499&w=2 HPdes Security Advisory: HPSBGN03270 http://marc.info/?l=bugtraq&m=142781412222323&w=2 HPdes Security Advisory: HPSBGN03285 http://marc.info/?l=bugtraq&m=142722450701342&w=2 HPdes Security Advisory: HPSBHF03289 http://marc.info/?l=bugtraq&m=142721102728110&w=2 HPdes Security Advisory: HPSBMU03330 http://marc.info/?l=bugtraq&m=143145428124857&w=2 HPdes Security Advisory: SSRT101937 HPdes Security Advisory: SSRT101953 http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9 https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt http://www.openwall.com/lists/oss-security/2021/05/04/7 RedHat Security Advisories: RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://www.securitytracker.com/id/1032909 http://secunia.com/advisories/62517 http://secunia.com/advisories/62640 http://secunia.com/advisories/62667 http://secunia.com/advisories/62680 http://secunia.com/advisories/62681 http://secunia.com/advisories/62688 http://secunia.com/advisories/62690 http://secunia.com/advisories/62691 http://secunia.com/advisories/62692 http://secunia.com/advisories/62698 http://secunia.com/advisories/62715 http://secunia.com/advisories/62758 http://secunia.com/advisories/62812 http://secunia.com/advisories/62813 http://secunia.com/advisories/62816 http://secunia.com/advisories/62865 http://secunia.com/advisories/62870 http://secunia.com/advisories/62871 http://secunia.com/advisories/62879 http://secunia.com/advisories/62883
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.