ID de Prueba:	1.3.6.1.4.1.25623.1.0.120719
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2016-730)
Resumen:	The remote host is missing an update announced via the referenced Security Advisory.
Descripción:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. (CVE-2016-5419 )curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5420 )libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. (CVE-2016-5421 ) Solution: Run yum update curl to update your system. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5421 BugTraq ID: 92306 http://www.securityfocus.com/bid/92306 Debian Security Information: DSA-3638 (Google Search) http://www.debian.org/security/2016/dsa-3638 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/ https://security.gentoo.org/glsa/201701-47 https://curl.haxx.se/docs/adv_20160803C.html RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 http://www.securitytracker.com/id/1036536 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059 SuSE Security Announcement: openSUSE-SU-2016:2227 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:2379 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://www.ubuntu.com/usn/USN-3048-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5420 BugTraq ID: 92309 http://www.securityfocus.com/bid/92309 https://curl.haxx.se/docs/adv_20160803B.html RedHat Security Advisories: RHSA-2016:2575 http://rhn.redhat.com/errata/RHSA-2016-2575.html RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1036537 http://www.securitytracker.com/id/1036739 Common Vulnerability Exposure (CVE) ID: CVE-2016-5419 BugTraq ID: 92292 http://www.securityfocus.com/bid/92292 BugTraq ID: 92319 http://www.securityfocus.com/bid/92319 https://curl.haxx.se/docs/adv_20160803A.html http://www.securitytracker.com/id/1036538 http://www.securitytracker.com/id/1038341
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.