McAfee Foundstone FSL Update · 2016-JAN-20 FSL version 7.5.787 MCAFEE FOUNDSTONE FSL UPDATE To...

2016-JAN-20FSL version 7.5.787

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

144137 - SuSE Linux 13.1, 13.2 openSUSE-SU-2016:0163-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-3406, CVE-2015-3407, CVE-2015-3408, CVE-2015-3409

DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2016:0163-1

ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:

http://lists.opensuse.org/opensuse-updates/2016-01/msg00060.html

SuSE Linux 13.1noarchperl-Module-Signature-0.79-2.4.1

SuSE Linux 13.2noarchperl-Module-Signature-0.79-4.4.1

144147 - SuSE SLES 10 SP4 SUSE-SU-2016:0113-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911, CVE-2015-5006

DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2016:0113-1


http://lists.suse.com/pipermail/sle-security-updates/2016-January/001800.html

SuSE SLES 10 SP4i586

java-1_6_0-ibm-plugin-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-devel-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-alsa-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-fonts-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-jdbc-1.6.0_sr16.15-0.16.1

x86_64java-1_6_0-ibm-plugin-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-devel-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-devel-32bit-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-fonts-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-jdbc-1.6.0_sr16.15-0.16.1java-1_6_0-ibm-32bit-1.6.0_sr16.15-0.16.1

181780 - FreeBSD libproxy Stack-based Buffer Overflow (3b5c2362-bd07-11e5-b7ef-5453ed2e2b49)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2012-4504

DescriptionThe scan detected that the host is missing the following update:libproxy -- stack-based buffer overflow (3b5c2362-bd07-11e5-b7ef-5453ed2e2b49)


http://www.vuxml.org/freebsd/3b5c2362-bd07-11e5-b7ef-5453ed2e2b49.html

Affected packages: 0.4.0 <= libproxy < 0.4.6_10.4.0 <= libproxy-gnome < 0.4.6_20.4.0 <= libproxy-kde < 0.4.6_60.4.0 <= libproxy-perl < 0.4.6_30.4.0 <= libproxy-webkit < 0.4.6_4

185124 - Ubuntu Linux 12.04, 14.04, 15.04, 15.10 USN-2859-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214

DescriptionThe scan detected that the host is missing the following update:USN-2859-1


https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-January/003260.html

Ubuntu 12.04

thunderbird_38.5.1+build2-0ubuntu0.12.04.1

Ubuntu 15.04


Ubuntu 15.10


Ubuntu 14.04


130365 - Debian Linux 7.0, 8.0 DSA-3445-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2015-8557

DescriptionThe scan detected that the host is missing the following update:DSA-3445-1


http://www.debian.org/security/2016/dsa-3445

Debian 8.0allpython-pygments-doc_2.0.1+dfsg-1.1+deb8u1python3-pygments_2.0.1+dfsg-1.1+deb8u1python-pygments_2.0.1+dfsg-1.1+deb8u1

Debian 7.0allpython-pygments_1.5+dfsg-1+deb7u1python3-pygments_1.5+dfsg-1+deb7u1

19475 - (HPSBUX03529) HP-UX BIND Remote Denial of Service Vulnerability

Category: SSH Module -> NonIntrusive -> HP-UX Patches and Hotfixes Risk Level: High CVE: CVE-2015-5722, CVE-2015-8000

DescriptionMultiple vulnerabilities are present in some versions of HP-UX.

ObservationHP-UX is an Unix-like operating system.

Multiple vulnerabilities are present in some versions of HP-UX. The flaws lie in the BIND service. Successful exploitation could allow an attacker to cause a denial of service condition.

19564 - IPSwitch WhatsUp Gold Multiple Vulnerabilities Prior To 16.4

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2015-6004, CVE-2015-6005, CVE-2015-8261

DescriptionMultiple vulnerabilities are present in some versions of Ipswitch WhatsUp Gold.

ObservationIpswitch WhatsUp Gold is a network management and monitoring software for Windows environments.

Multiple vulnerabilities are present in some versions of WhatsUp Gold. The flaws lie in how the SOAP request handler "DroneDeleteOldMeasurements" validates serialized data and in how the product fails in the validation of user inputs in some fields. Successful exploitation could allow an attacker to execute arbitrary SQL commands or conduct XSS attacks, leading to the disclosure of sensitive information or to a denial of service condition. Exploitation requires an attacker to send a crafted SOAP request through the "DroneDeleteOldMeasurements" handler; mischievous SQL inputs through the "Find Device" and "UniqueID" GUI fields or to inject arbitrary web script or HTML via several input fields.

19566 - (JSA10721) Juniper Junos SRX Series RTSP Packets Processing Denial of Service Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2016-1262

DescriptionA denial of service vulnerability is present in some versions of Juniper Junos.

ObservationJuniper Junos is an operating system used in Juniper device.

A denial of service vulnerability is present in some versions of Juniper Junos. The flaw lies in Real Time Streaming Protocol Application Layer Gateway. Successful exploitation could allow an attacker to cause the flowd process to crash.

19493 - (SOL05770600) F5 BIG-IP Linux Libuser Vulnerabilities

Category: SSH Module -> NonIntrusive -> F5 Risk Level: High CVE: CVE-2015-3245, CVE-2015-3246

DescriptionMultiple vulnerabilities are present in some versions of F5 BIG-IP products.

ObservationF5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.

Multiple vulnerabilities are present in some versions of F5 BIG-IP products. The flaws lie in the libuser component. Successful exploitation could allow an attacker to cause a denial of service condition or to possibly escalate privileges. The attacker needs to be in the local network in order to trigger these vulnerabilities.

19494 - (SOL76930736) F5 BIG-IP Libpng Vulnerability

Category: SSH Module -> NonIntrusive -> F5 Risk Level: High CVE: CVE-2015-8126

DescriptionMultiple buffer overflow vulnerabilities are present in some versions of F5 BIG-IP products.


Multiple buffer overflow vulnerabilities are present in some versions of F5 BIG-IP products. The flaws lie in the libpng component. Successful exploitation could allow an attacker to cause a denial of service condition.

19569 - (JSA10718) Juniper Junos ISC BIND Named Vulnerability



ObservationJuniper Junos is an operating system used in Juniper devices.

A denial of service vulnerability is present in some versions of Juniper Junos. The flaw is due to improper handling of queries for TKEY records. Successful exploitation could allow an attacker to cause a denial of service condition.

19570 - (JSA10715) Juniper Junos LDP Packets Processing Denial of Service Vulnerability




A denial of service vulnerability is present in some versions of Juniper Junos. The flaw is due to improper handling of LDP packets. Successful exploitation could allow an attacker to cause a denial of service condition.

135117 - Oracle Solaris 11.3 Update Is Not Installed (CVE-2016-0403)

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: High CVE: CVE-2016-0403

Description

The scan detected that the host is missing the following update:SRU 11.3


https://support.oracle.com/epmos/faces/DocumentDisplay?id=2091648.1&_adf.ctrl-state=qldn3xhrz_4&_afrLoop=348336903209252



DescriptionThe scan detected that the host is missing the following update:SRU 11.3








141060 - Red Hat Enterprise Linux RHSA-2016-0045 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2015-5364, CVE-2015-5366

DescriptionThe scan detected that the host is missing the following update:RHSA-2016-0045

ObservationUpdates often remediate critical security problems that should be quickly addressed.

For more information see:

https://rhn.redhat.com/errata/RHSA-2016-0045.html

RHEL5Di386kernel-xen-devel-2.6.18-408.el5kernel-xen-debuginfo-2.6.18-408.el5kernel-debuginfo-common-2.6.18-408.el5kernel-debug-2.6.18-408.el5kernel-devel-2.6.18-408.el5kernel-PAE-debuginfo-2.6.18-408.el5kernel-debug-devel-2.6.18-408.el5kernel-headers-2.6.18-408.el5kernel-xen-2.6.18-408.el5kernel-PAE-2.6.18-408.el5kernel-PAE-devel-2.6.18-408.el5kernel-debug-debuginfo-2.6.18-408.el5kernel-debuginfo-2.6.18-408.el5kernel-2.6.18-408.el5

noarchkernel-doc-2.6.18-408.el5

x86_64kernel-xen-2.6.18-408.el5kernel-debug-debuginfo-2.6.18-408.el5kernel-xen-devel-2.6.18-408.el5kernel-devel-2.6.18-408.el5kernel-debug-devel-2.6.18-408.el5kernel-xen-debuginfo-2.6.18-408.el5kernel-headers-2.6.18-408.el5kernel-2.6.18-408.el5kernel-debug-2.6.18-408.el5kernel-debuginfo-common-2.6.18-408.el5kernel-debuginfo-2.6.18-408.el5

RHEL5Snoarchkernel-doc-2.6.18-408.el5


i386kernel-xen-devel-2.6.18-408.el5kernel-xen-debuginfo-2.6.18-408.el5kernel-debuginfo-common-2.6.18-408.el5kernel-debug-2.6.18-408.el5kernel-devel-2.6.18-408.el5

kernel-PAE-debuginfo-2.6.18-408.el5kernel-debug-devel-2.6.18-408.el5kernel-headers-2.6.18-408.el5kernel-xen-2.6.18-408.el5kernel-PAE-2.6.18-408.el5kernel-PAE-devel-2.6.18-408.el5kernel-debug-debuginfo-2.6.18-408.el5kernel-debuginfo-2.6.18-408.el5kernel-2.6.18-408.el5


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-6764, CVE-2015-8027




SuSE Linux 13.1i586nodejs-devel-4.2.4-9.1nodejs-4.2.4-9.1nodejs-debuginfo-4.2.4-9.1nodejs-debugsource-4.2.4-9.1

noarchnodejs-doc-4.2.4-9.1

x86_64nodejs-devel-4.2.4-9.1nodejs-4.2.4-9.1nodejs-debuginfo-4.2.4-9.1nodejs-debugsource-4.2.4-9.1

SuSE Linux 13.2i586nodejs-devel-4.2.4-9.1nodejs-4.2.4-9.1nodejs-debuginfo-4.2.4-9.1nodejs-debugsource-4.2.4-9.1

noarchnodejs-doc-4.2.4-9.1

x86_64nodejs-devel-4.2.4-9.1nodejs-4.2.4-9.1nodejs-debuginfo-4.2.4-9.1nodejs-debugsource-4.2.4-9.1

144141 - SuSE SLES 12, SLED 12 SUSE-SU-2016:0121-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913




SuSE SLED 12x86_64mariadb-debugsource-10.0.22-20.3.1libmysqlclient18-10.0.22-20.3.1mariadb-errormessages-10.0.22-20.3.1mariadb-10.0.22-20.3.1mariadb-debuginfo-10.0.22-20.3.1libmysqlclient18-debuginfo-32bit-10.0.22-20.3.1libmysqlclient_r18-10.0.22-20.3.1libmysqlclient18-32bit-10.0.22-20.3.1mariadb-client-10.0.22-20.3.1libmysqlclient18-debuginfo-10.0.22-20.3.1mariadb-client-debuginfo-10.0.22-20.3.1libmysqlclient_r18-32bit-10.0.22-20.3.1

SuSE SLES 12x86_64mariadb-debugsource-10.0.22-20.3.1libmysqlclient18-10.0.22-20.3.1mariadb-10.0.22-20.3.1mariadb-debuginfo-10.0.22-20.3.1mariadb-errormessages-10.0.22-20.3.1libmysqlclient18-32bit-10.0.22-20.3.1libmysqlclient18-debuginfo-32bit-10.0.22-20.3.1mariadb-client-10.0.22-20.3.1libmysqlclient18-debuginfo-10.0.22-20.3.1mariadb-client-debuginfo-10.0.22-20.3.1mariadb-tools-10.0.22-20.3.1mariadb-tools-debuginfo-10.0.22-20.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-MAP-NOMATCH




SuSE Linux 13.1x86_64libebml4-debuginfo-32bit-1.3.3-3.3.1libebml4-32bit-1.3.3-3.3.1libebml4-1.3.3-3.3.1libebml4-debuginfo-1.3.3-3.3.1libmatroska-debugsource-1.4.4-2.3.1libmatroska-devel-1.4.4-2.3.1libebml-devel-1.3.3-3.3.1libmatroska6-1.4.4-2.3.1libmatroska6-debuginfo-1.4.4-2.3.1libmatroska6-debuginfo-32bit-1.4.4-2.3.1libmatroska6-32bit-1.4.4-2.3.1libebml-debugsource-1.3.3-3.3.1

i586libebml4-1.3.3-3.3.1libebml4-debuginfo-1.3.3-3.3.1libmatroska-debugsource-1.4.4-2.3.1libmatroska-devel-1.4.4-2.3.1libebml-devel-1.3.3-3.3.1libmatroska6-1.4.4-2.3.1libmatroska6-debuginfo-1.4.4-2.3.1libebml-debugsource-1.3.3-3.3.1

SuSE Linux 13.2x86_64libmatroska-debugsource-1.4.4-7.3.1libmatroska6-debuginfo-1.4.4-7.3.1libebml4-debuginfo-1.3.3-9.3.1libmatroska6-debuginfo-32bit-1.4.4-7.3.1libebml-devel-1.3.3-9.3.1libebml4-32bit-1.3.3-9.3.1libebml4-debuginfo-32bit-1.3.3-9.3.1libmatroska-devel-1.4.4-7.3.1libebml4-1.3.3-9.3.1libebml-debugsource-1.3.3-9.3.1libmatroska6-32bit-1.4.4-7.3.1libmatroska6-1.4.4-7.3.1

i586libmatroska-debugsource-1.4.4-7.3.1libmatroska6-debuginfo-1.4.4-7.3.1libebml4-debuginfo-1.3.3-9.3.1libebml-devel-1.3.3-9.3.1libmatroska-devel-1.4.4-7.3.1libebml4-1.3.3-9.3.1libebml-debugsource-1.3.3-9.3.1libmatroska6-1.4.4-7.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes

Risk Level: High CVE: CVE-2015-7554




SuSE SLED 12x86_64libtiff5-32bit-4.0.6-19.1libtiff5-debuginfo-32bit-4.0.6-19.1tiff-debugsource-4.0.6-19.1libtiff5-debuginfo-4.0.6-19.1tiff-debuginfo-4.0.6-19.1libtiff5-4.0.6-19.1

SuSE SLES 12x86_64libtiff5-32bit-4.0.6-19.1libtiff5-debuginfo-32bit-4.0.6-19.1tiff-debugsource-4.0.6-19.1libtiff5-debuginfo-4.0.6-19.1tiff-debuginfo-4.0.6-19.1libtiff5-4.0.6-19.1tiff-4.0.6-19.1

144151 - SuSE Linux 13.1 openSUSE-SU-2016:0124-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-5307, CVE-2015-7311, CVE-2015-7504, CVE-2015-7549, CVE-2015-7970, CVE-2015-8104, CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8345, CVE-2015-8504, CVE-2015-8550, CVE-2015-8554, CVE-2015-8555, CVE-2015-8558




SuSE Linux 13.1x86_64xen-4.3.4_10-53.1xen-xend-tools-debuginfo-4.3.4_10-53.1xen-devel-4.3.4_10-53.1xen-kmp-desktop-4.3.4_10_k3.11.10_29-53.1xen-doc-html-4.3.4_10-53.1xen-tools-domU-4.3.4_10-53.1

xen-libs-debuginfo-4.3.4_10-53.1xen-debugsource-4.3.4_10-53.1xen-xend-tools-4.3.4_10-53.1xen-kmp-desktop-debuginfo-4.3.4_10_k3.11.10_29-53.1xen-libs-4.3.4_10-53.1xen-libs-debuginfo-32bit-4.3.4_10-53.1xen-tools-debuginfo-4.3.4_10-53.1xen-kmp-default-debuginfo-4.3.4_10_k3.11.10_29-53.1xen-tools-4.3.4_10-53.1xen-kmp-default-4.3.4_10_k3.11.10_29-53.1xen-libs-32bit-4.3.4_10-53.1xen-tools-domU-debuginfo-4.3.4_10-53.1

i586xen-libs-4.3.4_10-53.1xen-kmp-desktop-4.3.4_10_k3.11.10_29-53.1xen-kmp-default-4.3.4_10_k3.11.10_29-53.1xen-libs-debuginfo-4.3.4_10-53.1xen-kmp-pae-4.3.4_10_k3.11.10_29-53.1xen-kmp-default-debuginfo-4.3.4_10_k3.11.10_29-53.1xen-kmp-pae-debuginfo-4.3.4_10_k3.11.10_29-53.1xen-tools-domU-4.3.4_10-53.1xen-tools-domU-debuginfo-4.3.4_10-53.1xen-kmp-desktop-debuginfo-4.3.4_10_k3.11.10_29-53.1xen-devel-4.3.4_10-53.1xen-debugsource-4.3.4_10-53.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-5307, CVE-2015-7504, CVE-2015-7549, CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8345, CVE-2015-8504, CVE-2015-8550, CVE-2015-8554, CVE-2015-8555, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568




SuSE Linux 13.2x86_64xen-doc-html-4.4.3_08-36.1xen-libs-debuginfo-4.4.3_08-36.1xen-libs-32bit-4.4.3_08-36.1xen-kmp-default-debuginfo-4.4.3_08_k3.16.7_29-36.1xen-libs-debuginfo-32bit-4.4.3_08-36.1xen-kmp-desktop-debuginfo-4.4.3_08_k3.16.7_29-36.1xen-tools-domU-4.4.3_08-36.1xen-tools-domU-debuginfo-4.4.3_08-36.1xen-kmp-default-4.4.3_08_k3.16.7_29-36.1xen-tools-debuginfo-4.4.3_08-36.1xen-4.4.3_08-36.1xen-kmp-desktop-4.4.3_08_k3.16.7_29-36.1

xen-tools-4.4.3_08-36.1xen-libs-4.4.3_08-36.1xen-devel-4.4.3_08-36.1xen-debugsource-4.4.3_08-36.1

i586xen-tools-domU-debuginfo-4.4.3_08-36.1xen-debugsource-4.4.3_08-36.1xen-libs-4.4.3_08-36.1xen-tools-domU-4.4.3_08-36.1xen-devel-4.4.3_08-36.1xen-libs-debuginfo-4.4.3_08-36.1

160030 - CentOS 5 CESA-2016-0045 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2015-5364, CVE-2015-5366

DescriptionThe scan detected that the host is missing the following update:CESA-2016-0045


http://lists.centos.org/pipermail/centos-announce/2016-January/021616.html

CentOS 5i386kernel-headers-2.6.18-408.el5

i686kernel-PAE-devel-2.6.18-408.el5kernel-2.6.18-408.el5kernel-debug-devel-2.6.18-408.el5kernel-xen-2.6.18-408.el5kernel-xen-devel-2.6.18-408.el5kernel-devel-2.6.18-408.el5kernel-debug-2.6.18-408.el5kernel-PAE-2.6.18-408.el5


x86_64kernel-2.6.18-408.el5kernel-debug-devel-2.6.18-408.el5kernel-xen-2.6.18-408.el5kernel-xen-devel-2.6.18-408.el5kernel-devel-2.6.18-408.el5kernel-debug-2.6.18-408.el5kernel-headers-2.6.18-408.el5

174887 - Scientific Linux Security ERRATA Important: kernel on SL5.x i386/x86_64 (1601-8916)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes

Risk Level: High CVE: CVE-2015-5364, CVE-2015-5366

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: kernel on SL5.x i386/x86_64 (1601-8916)


https://listserv.fnal.gov/scripts/wa.exe?A2=ind1601&L=scientific-linux-errata&F=&S=&P=8916

SL5i386kernel-xen-devel-2.6.18-408.el5kernel-xen-debuginfo-2.6.18-408.el5kernel-debuginfo-common-2.6.18-408.el5kernel-debug-2.6.18-408.el5kernel-devel-2.6.18-408.el5kernel-PAE-debuginfo-2.6.18-408.el5kernel-debug-devel-2.6.18-408.el5kernel-headers-2.6.18-408.el5kernel-xen-2.6.18-408.el5kernel-PAE-2.6.18-408.el5kernel-PAE-devel-2.6.18-408.el5kernel-debug-debuginfo-2.6.18-408.el5kernel-debuginfo-2.6.18-408.el5kernel-2.6.18-408.el5



19521 - (HT205638) Apple QuickTime Multiple Vulnerabilities Prior To 7.7.9

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, CVE-2015-7117

DescriptionMultiple vulnerabilities are present in some versions of Apple QuickTime.

ObservationApple QuickTime is a media player.

Multiple vulnerabilities are present in some versions of Apple QuickTime. The flaws occur when handling a crafted movie file. Successful exploitation could allow an attacker to cause denial of service or to execute arbitrary code.

19522 - (VMSA-2016-0001) VMware Workstation Guest Privilege Escalation Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-6933

DescriptionA kernel memory corruption vulnerability is present in some versions of VMware Workstation.

ObservationVMware Workstation is a virtualization software.

A kernel memory corruption vulnerability is present in some versions of VMware Workstation. The flaw lies in VMware Tools "Shared Folders" (HGFS) feature. Successful exploitation could allow an escalation of privilege in the guest operating system.

19547 - WordPress Cross-Site Scripting Vulnerability Priro To 4.4.1

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-MAP-NOMATCH

DescriptionA vulnerability is present in some versions of WordPress.

ObservationWordPress is a popular blogging tool.

A vulnerability is present in some versions of WordPress. Successful exploitation could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

19552 - IBM DB2 Multiple Vulnerabilities Prior To 10.5 Fix Pack 7

Category: General Vulnerability Assessment -> NonIntrusive -> Miscellaneous Risk Level: Medium CVE: CVE-2015-0204, CVE-2015-1788, CVE-2015-1947, CVE-2015-2808, CVE-2015-4000

DescriptionMultiple vulnerabilities are present in some versions of IBM DB2.

ObservationIBM DB2 is a database software.

Multiple vulnerabilities are present in some versions of IBM DB2. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service, conduct plaintext-recovery or downgrade attacks, or obtain root privileges.

19558 - (SOL17518) F5 BIG-IP NTP Vulnerability

Category: SSH Module -> NonIntrusive -> F5 Risk Level: Medium CVE: CVE-2015-7871

DescriptionA denial of service vulnerability is present in NTP server in some versions of F5 BIG-IP systems.


A denial of service vulnerability is present in NTP server in some versions of F5 BIG-IP systems. The vulnerability allows unauthenticated remote attacker to bypass the symmetric association authentication, sending malicious crypto-NAK packets to the vulnerable NTP server. Successful exploitation can cause a denial of service condition or modification of the time being advertised by the NTP server.

19561 - (VMSA-2016-0001) VMware Fusion Guest Privilege Escalation Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2015-6933

DescriptionA privilege escalation vulnerability is present in some versions of VMware Fusion.

ObservationVMware Fusion is a popular virtualization platform.

A privilege escalation vulnerability is present in some versions of VMware Fusion. The flaw lies in the VMware Tools HGFS feature (aka "Shared Folders" feature) running on Windows-based guests. Successful exploitation could allow an attacker to escalate privileges or to cause a denial of service condition in the virtual machines of this product running Microsoft Windows OS.

19574 - Advantech WebAccess Multiple Vulnerabilities Prior To 8.1

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-3943, CVE-2015-3946, CVE-2015-3947, CVE-2015-3948, CVE-2015-6467, CVE-2016-0851, CVE-2016-0852, CVE-2016-0853, CVE-2016-0854, CVE-2016-0855, CVE-2016-0856, CVE-2016-0857, CVE-2016-0858, CVE-2016-0859, CVE-2016-0860

DescriptionMultiple vulnerabilities are present in some versions of Advantech WebAccess.

ObservationAdvantech WebAccess is a web-based HMI software application used in energy, manufacturing, and building automation systems.

Multiple vulnerabilities are present in some versions of Advantech WebAccess. The flaws exist in multiple components. Successful exploitation could allow a remote attacker to execute arbitrary code, disclose information, deny access to valid users and bypass security measures.

135116 - Oracle Solaris 11.3.4.5.0 Update Is Not Installed (CVE-2015-8370)

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes

Risk Level: Medium CVE: CVE-2015-8370

DescriptionThe scan detected that the host is missing the following update:SRU 11.3.4.5.0




Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0418




144148 - SuSE SLES 12 SUSE-SU-2016:0114-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-2296




SuSE SLES 12noarchpython-requests-2.8.1-6.9.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium

CVE: CVE-2014-8242, CVE-2014-9512




SuSE SLED 12x86_64rsync-debuginfo-3.1.0-6.1rsync-3.1.0-6.1rsync-debugsource-3.1.0-6.1

SuSE SLES 12x86_64rsync-debuginfo-3.1.0-6.1rsync-3.1.0-6.1rsync-debugsource-3.1.0-6.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7550, CVE-2015-8539, CVE-2015-8543, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8569, CVE-2015-8575




SuSE SLED 12x86_64kernel-default-extra-3.12.51-52.34.1kernel-syms-3.12.51-52.34.1kernel-xen-devel-3.12.51-52.34.1kernel-default-devel-3.12.51-52.34.1kernel-default-extra-debuginfo-3.12.51-52.34.1kernel-xen-debugsource-3.12.51-52.34.1kernel-default-debugsource-3.12.51-52.34.1kernel-xen-3.12.51-52.34.1kernel-xen-debuginfo-3.12.51-52.34.1kernel-default-3.12.51-52.34.1kernel-default-debuginfo-3.12.51-52.34.1

noarchkernel-source-3.12.51-52.34.1

kernel-macros-3.12.51-52.34.1kernel-devel-3.12.51-52.34.1

SuSE SLES 12noarchkernel-source-3.12.51-52.34.1kernel-macros-3.12.51-52.34.1kernel-devel-3.12.51-52.34.1

x86_64kernel-xen-debugsource-3.12.51-52.34.1kernel-default-base-3.12.51-52.34.1kernel-default-devel-3.12.51-52.34.1kernel-xen-debuginfo-3.12.51-52.34.1kernel-default-3.12.51-52.34.1kernel-default-debuginfo-3.12.51-52.34.1kernel-xen-3.12.51-52.34.1kernel-default-debugsource-3.12.51-52.34.1kernel-syms-3.12.51-52.34.1kernel-xen-base-debuginfo-3.12.51-52.34.1kernel-default-base-debuginfo-3.12.51-52.34.1kernel-xen-devel-3.12.51-52.34.1kernel-xen-base-3.12.51-52.34.1

170614 - Amazon Linux AMI ALAS-2016-635 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-5292

DescriptionThe scan detected that the host is missing the following update:ALAS-2016-635


https://alas.aws.amazon.com/ALAS-2016-635.html

Amazon Linux AMIi686sssd-libwbclient-devel-1.13.0-40.6.amzn1sssd-ldap-1.13.0-40.6.amzn1sssd-dbus-1.13.0-40.6.amzn1python27-sss-1.13.0-40.6.amzn1libsss_nss_idmap-1.13.0-40.6.amzn1sssd-common-1.13.0-40.6.amzn1sssd-ad-1.13.0-40.6.amzn1sssd-proxy-1.13.0-40.6.amzn1python27-libipa_hbac-1.13.0-40.6.amzn1libsss_simpleifp-1.13.0-40.6.amzn1sssd-debuginfo-1.13.0-40.6.amzn1sssd-krb5-common-1.13.0-40.6.amzn1python27-sss-murmur-1.13.0-40.6.amzn1python27-libsss_nss_idmap-1.13.0-40.6.amzn1libsss_nss_idmap-devel-1.13.0-40.6.amzn1sssd-tools-1.13.0-40.6.amzn1

sssd-common-pac-1.13.0-40.6.amzn1libsss_idmap-devel-1.13.0-40.6.amzn1sssd-libwbclient-1.13.0-40.6.amzn1libipa_hbac-1.13.0-40.6.amzn1sssd-1.13.0-40.6.amzn1libipa_hbac-devel-1.13.0-40.6.amzn1libsss_idmap-1.13.0-40.6.amzn1sssd-ipa-1.13.0-40.6.amzn1libsss_simpleifp-devel-1.13.0-40.6.amzn1sssd-krb5-1.13.0-40.6.amzn1sssd-client-1.13.0-40.6.amzn1

noarchpython27-sssdconfig-1.13.0-40.6.amzn1

x86_64sssd-libwbclient-devel-1.13.0-40.6.amzn1sssd-ldap-1.13.0-40.6.amzn1sssd-dbus-1.13.0-40.6.amzn1python27-sss-1.13.0-40.6.amzn1sssd-common-1.13.0-40.6.amzn1sssd-ad-1.13.0-40.6.amzn1sssd-proxy-1.13.0-40.6.amzn1python27-libipa_hbac-1.13.0-40.6.amzn1libsss_simpleifp-1.13.0-40.6.amzn1sssd-debuginfo-1.13.0-40.6.amzn1sssd-krb5-common-1.13.0-40.6.amzn1libsss_nss_idmap-1.13.0-40.6.amzn1python27-libsss_nss_idmap-1.13.0-40.6.amzn1libsss_nss_idmap-devel-1.13.0-40.6.amzn1sssd-tools-1.13.0-40.6.amzn1sssd-common-pac-1.13.0-40.6.amzn1libsss_idmap-devel-1.13.0-40.6.amzn1sssd-libwbclient-1.13.0-40.6.amzn1libipa_hbac-1.13.0-40.6.amzn1sssd-1.13.0-40.6.amzn1libipa_hbac-devel-1.13.0-40.6.amzn1libsss_idmap-1.13.0-40.6.amzn1sssd-ipa-1.13.0-40.6.amzn1libsss_simpleifp-devel-1.13.0-40.6.amzn1sssd-krb5-1.13.0-40.6.amzn1sssd-client-1.13.0-40.6.amzn1python27-sss-murmur-1.13.0-40.6.amzn1

181774 - FreeBSD libarchive Multiple Vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2013-0211, CVE-2015-2304

DescriptionThe scan detected that the host is missing the following update:libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5)


http://www.vuxml.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html

Affected packages: libarchive < 3.1.2_5,1

19456 - (SOL86772626) F5 BIG-IP OpenSSL Vulnerability


DescriptionA vulnerability is present in some versions of F5 BIG-IP products.


A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the OpenSSL component. Successful exploitation could allow an attacker to cause a denial of service condition.

19503 - (ESA-2015-179) EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability


DescriptionAn information disclosure vulnerability is present in some versions of EMC Secure Remote Services Virtual Edition.

ObservationEMC Secure Remote Services (ESRS) Virtual Edition is based on Linux OS for distributed remote service support solution.

An information disclosure vulnerability is present in some versions of EMC Secure Remote Services Virtual Edition. The flaw lies in the EMC SRS Virtual Edition API. Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information. Exploitation requires the malicious user to execute a directory traversal attack against the affected target.

19504 - (HPSBGN03526) HPE Helion Eucalyptus Unauthorized Modification Vulnerability


DescriptionA vulnerability is present in some versions of HPE Helion Eucalyptus.

ObservationHPE Helion Eucalyptus is an open source tool designed to configure clouds compatible with Amazon Web Services API.

A vulnerability is present in some versions of HPE Helion Eucalyptus. The flaw is related with how this product handles user permissions. Successful exploitation could allow an attacker to bypass security access restrictions and to do unauthorized modifications in the affected system.

19520 - (HPSBUX03435) HP-UX Web Server Suite Apache Remote Denial of Service Vulnerability

Category: SSH Module -> NonIntrusive -> HP-UX Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-2808, CVE-2015-3183, CVE-2015-4000

DescriptionMultiple vulnerabilities are present in some versions of HP-UX.

ObservationHP-UX is a Unix-like operating system.

Multiple vulnerabilities are present in some versions of HP-UX. The flaws lie in the Web Server component. Successful exploitation could allow an attacker to obtain sensitive information or cause denial of service.

19567 - (JSA10720) Juniper Junos J-web Denial of Service Vulnerability




A denial of service vulnerability is present in some versions of Juniper Junos. The flaw lies in J-Web component. Successful exploitation could allow an attacker to cause J-Web service crash.

19568 - (JSA10714) Juniper Junos IGMPv3 Multicast Denial of Service Vulnerability




A denial of service vulnerability is present in some versions of Juniper Junos. The flaw occurs due to an improper IGMPv3 protocol message handling. Successful exploitation could allow an attacker to cause denial of service.


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2014-7810




Debian 8.0alltomcat7_7.0.56-3+deb8u1

Debian 7.0alltomcat7_7.0.28-4+deb7u3











SuSE Linux 13.1noarchpython-rsa-3.1.4-5.3.1

SuSE Linux 13.2noarchpython-rsa-3.1.4-2.3.1






Amazon Linux AMIx86_64bind-sdb-9.8.2-0.37.rc1.43.amzn1bind-chroot-9.8.2-0.37.rc1.43.amzn1bind-9.8.2-0.37.rc1.43.amzn1bind-devel-9.8.2-0.37.rc1.43.amzn1bind-debuginfo-9.8.2-0.37.rc1.43.amzn1bind-libs-9.8.2-0.37.rc1.43.amzn1bind-utils-9.8.2-0.37.rc1.43.amzn1

i686bind-debuginfo-9.8.2-0.37.rc1.43.amzn1bind-chroot-9.8.2-0.37.rc1.43.amzn1bind-9.8.2-0.37.rc1.43.amzn1bind-devel-9.8.2-0.37.rc1.43.amzn1bind-sdb-9.8.2-0.37.rc1.43.amzn1bind-libs-9.8.2-0.37.rc1.43.amzn1bind-utils-9.8.2-0.37.rc1.43.amzn1






Amazon Linux AMIi686kernel-debuginfo-common-i686-4.1.13-19.31.amzn1kernel-tools-4.1.13-19.31.amzn1kernel-debuginfo-4.1.13-19.31.amzn1

kernel-tools-debuginfo-4.1.13-19.31.amzn1perf-debuginfo-4.1.13-19.31.amzn1kernel-headers-4.1.13-19.31.amzn1kernel-devel-4.1.13-19.31.amzn1kernel-4.1.13-19.31.amzn1perf-4.1.13-19.31.amzn1kernel-tools-devel-4.1.13-19.31.amzn1

noarchkernel-doc-4.1.13-19.31.amzn1

x86_64kernel-devel-4.1.13-19.31.amzn1kernel-tools-4.1.13-19.31.amzn1kernel-debuginfo-4.1.13-19.31.amzn1kernel-tools-debuginfo-4.1.13-19.31.amzn1kernel-debuginfo-common-x86_64-4.1.13-19.31.amzn1perf-debuginfo-4.1.13-19.31.amzn1kernel-tools-devel-4.1.13-19.31.amzn1kernel-4.1.13-19.31.amzn1perf-4.1.13-19.31.amzn1kernel-headers-4.1.13-19.31.amzn1






Amazon Linux AMIx86_64dhcp-4.1.1-43.P1.22.amzn1dhcp-common-4.1.1-43.P1.22.amzn1dhcp-devel-4.1.1-43.P1.22.amzn1dhcp-debuginfo-4.1.1-43.P1.22.amzn1dhclient-4.1.1-43.P1.22.amzn1

i686dhcp-common-4.1.1-43.P1.22.amzn1dhcp-debuginfo-4.1.1-43.P1.22.amzn1dhcp-devel-4.1.1-43.P1.22.amzn1dhcp-4.1.1-43.P1.22.amzn1dhclient-4.1.1-43.P1.22.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes

Risk Level: Medium CVE: CVE-2015-2704




Amazon Linux AMIi686realmd-0.16.1-5.5.amzn1realmd-debuginfo-0.16.1-5.5.amzn1

noarchrealmd-devel-docs-0.16.1-5.5.amzn1

x86_64realmd-0.16.1-5.5.amzn1realmd-debuginfo-0.16.1-5.5.amzn1






Amazon Linux AMIx86_64php55-devel-5.5.31-1.111.amzn1php56-cli-5.6.17-1.120.amzn1php56-recode-5.6.17-1.120.amzn1php56-dbg-5.6.17-1.120.amzn1php56-mcrypt-5.6.17-1.120.amzn1php55-mysqlnd-5.5.31-1.111.amzn1php56-bcmath-5.6.17-1.120.amzn1php55-bcmath-5.5.31-1.111.amzn1php55-common-5.5.31-1.111.amzn1php56-ldap-5.6.17-1.120.amzn1php56-enchant-5.6.17-1.120.amzn1php56-opcache-5.6.17-1.120.amzn1php56-imap-5.6.17-1.120.amzn1php55-mcrypt-5.5.31-1.111.amzn1

php55-mssql-5.5.31-1.111.amzn1php56-devel-5.6.17-1.120.amzn1php55-enchant-5.5.31-1.111.amzn1php56-xml-5.6.17-1.120.amzn1php55-cli-5.5.31-1.111.amzn1php55-embedded-5.5.31-1.111.amzn1php55-gmp-5.5.31-1.111.amzn1php55-ldap-5.5.31-1.111.amzn1php56-snmp-5.6.17-1.120.amzn1php56-pspell-5.6.17-1.120.amzn1php56-gd-5.6.17-1.120.amzn1php56-soap-5.6.17-1.120.amzn1php55-xmlrpc-5.5.31-1.111.amzn1php56-pdo-5.6.17-1.120.amzn1php56-mbstring-5.6.17-1.120.amzn1php56-dba-5.6.17-1.120.amzn1php56-mysqlnd-5.6.17-1.120.amzn1php55-soap-5.5.31-1.111.amzn1php56-common-5.6.17-1.120.amzn1php56-gmp-5.6.17-1.120.amzn1php55-intl-5.5.31-1.111.amzn1php56-odbc-5.6.17-1.120.amzn1php55-dba-5.5.31-1.111.amzn1php55-pdo-5.5.31-1.111.amzn1php56-tidy-5.6.17-1.120.amzn1php55-imap-5.5.31-1.111.amzn1php55-opcache-5.5.31-1.111.amzn1php56-intl-5.6.17-1.120.amzn1php55-tidy-5.5.31-1.111.amzn1php56-fpm-5.6.17-1.120.amzn1php56-debuginfo-5.6.17-1.120.amzn1php55-5.5.31-1.111.amzn1php55-recode-5.5.31-1.111.amzn1php56-pgsql-5.6.17-1.120.amzn1php56-5.6.17-1.120.amzn1php55-fpm-5.5.31-1.111.amzn1php55-process-5.5.31-1.111.amzn1php55-odbc-5.5.31-1.111.amzn1php56-mssql-5.6.17-1.120.amzn1php55-snmp-5.5.31-1.111.amzn1php56-embedded-5.6.17-1.120.amzn1php56-process-5.6.17-1.120.amzn1php55-gd-5.5.31-1.111.amzn1php55-mbstring-5.5.31-1.111.amzn1php56-xmlrpc-5.6.17-1.120.amzn1php55-xml-5.5.31-1.111.amzn1php55-pgsql-5.5.31-1.111.amzn1php55-pspell-5.5.31-1.111.amzn1php55-debuginfo-5.5.31-1.111.amzn1

i686php55-mysqlnd-5.5.31-1.111.amzn1php55-devel-5.5.31-1.111.amzn1php56-cli-5.6.17-1.120.amzn1php56-recode-5.6.17-1.120.amzn1php55-recode-5.5.31-1.111.amzn1php56-dbg-5.6.17-1.120.amzn1php56-mcrypt-5.6.17-1.120.amzn1php56-snmp-5.6.17-1.120.amzn1php55-embedded-5.5.31-1.111.amzn1

php55-common-5.5.31-1.111.amzn1php56-ldap-5.6.17-1.120.amzn1php56-enchant-5.6.17-1.120.amzn1php55-tidy-5.5.31-1.111.amzn1php56-imap-5.6.17-1.120.amzn1php55-mcrypt-5.5.31-1.111.amzn1php55-mssql-5.5.31-1.111.amzn1php56-devel-5.6.17-1.120.amzn1php55-enchant-5.5.31-1.111.amzn1php56-xml-5.6.17-1.120.amzn1php55-cli-5.5.31-1.111.amzn1php56-gmp-5.6.17-1.120.amzn1php55-soap-5.5.31-1.111.amzn1php55-ldap-5.5.31-1.111.amzn1php55-gd-5.5.31-1.111.amzn1php55-intl-5.5.31-1.111.amzn1php56-pspell-5.6.17-1.120.amzn1php56-gd-5.6.17-1.120.amzn1php56-mbstring-5.6.17-1.120.amzn1php55-bcmath-5.5.31-1.111.amzn1php55-xmlrpc-5.5.31-1.111.amzn1php56-pdo-5.6.17-1.120.amzn1php55-mbstring-5.5.31-1.111.amzn1php56-dba-5.6.17-1.120.amzn1php56-mysqlnd-5.6.17-1.120.amzn1php55-imap-5.5.31-1.111.amzn1php56-common-5.6.17-1.120.amzn1php56-debuginfo-5.6.17-1.120.amzn1php55-fpm-5.5.31-1.111.amzn1php55-gmp-5.5.31-1.111.amzn1php55-dba-5.5.31-1.111.amzn1php55-pdo-5.5.31-1.111.amzn1php56-tidy-5.6.17-1.120.amzn1php56-bcmath-5.6.17-1.120.amzn1php55-opcache-5.5.31-1.111.amzn1php56-fpm-5.6.17-1.120.amzn1php55-5.5.31-1.111.amzn1php56-opcache-5.6.17-1.120.amzn1php56-pgsql-5.6.17-1.120.amzn1php56-soap-5.6.17-1.120.amzn1php56-5.6.17-1.120.amzn1php55-process-5.5.31-1.111.amzn1php55-odbc-5.5.31-1.111.amzn1php56-mssql-5.6.17-1.120.amzn1php55-snmp-5.5.31-1.111.amzn1php56-embedded-5.6.17-1.120.amzn1php56-process-5.6.17-1.120.amzn1php56-odbc-5.6.17-1.120.amzn1php56-intl-5.6.17-1.120.amzn1php56-xmlrpc-5.6.17-1.120.amzn1php55-xml-5.5.31-1.111.amzn1php55-pgsql-5.5.31-1.111.amzn1php55-pspell-5.5.31-1.111.amzn1php55-debuginfo-5.5.31-1.111.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium

CVE: CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330




Amazon Linux AMIi686samba-devel-4.2.3-11.28.amzn1libwbclient-4.2.3-11.28.amzn1samba-test-4.2.3-11.28.amzn1samba-4.2.3-11.28.amzn1ctdb-devel-4.2.3-11.28.amzn1libsmbclient-4.2.3-11.28.amzn1samba-test-libs-4.2.3-11.28.amzn1ctdb-tests-4.2.3-11.28.amzn1samba-common-tools-4.2.3-11.28.amzn1samba-common-libs-4.2.3-11.28.amzn1samba-test-devel-4.2.3-11.28.amzn1samba-winbind-modules-4.2.3-11.28.amzn1samba-winbind-clients-4.2.3-11.28.amzn1samba-winbind-krb5-locator-4.2.3-11.28.amzn1samba-libs-4.2.3-11.28.amzn1samba-client-4.2.3-11.28.amzn1ctdb-4.2.3-11.28.amzn1libsmbclient-devel-4.2.3-11.28.amzn1samba-python-4.2.3-11.28.amzn1samba-winbind-4.2.3-11.28.amzn1samba-client-libs-4.2.3-11.28.amzn1libwbclient-devel-4.2.3-11.28.amzn1samba-debuginfo-4.2.3-11.28.amzn1

noarchsamba-common-4.2.3-11.28.amzn1samba-pidl-4.2.3-11.28.amzn1

x86_64samba-devel-4.2.3-11.28.amzn1libwbclient-4.2.3-11.28.amzn1libsmbclient-devel-4.2.3-11.28.amzn1samba-4.2.3-11.28.amzn1samba-test-4.2.3-11.28.amzn1libsmbclient-4.2.3-11.28.amzn1samba-test-libs-4.2.3-11.28.amzn1ctdb-tests-4.2.3-11.28.amzn1samba-common-tools-4.2.3-11.28.amzn1samba-common-libs-4.2.3-11.28.amzn1samba-test-devel-4.2.3-11.28.amzn1samba-winbind-modules-4.2.3-11.28.amzn1samba-winbind-clients-4.2.3-11.28.amzn1samba-libs-4.2.3-11.28.amzn1samba-client-4.2.3-11.28.amzn1ctdb-4.2.3-11.28.amzn1

samba-winbind-krb5-locator-4.2.3-11.28.amzn1samba-python-4.2.3-11.28.amzn1libwbclient-devel-4.2.3-11.28.amzn1ctdb-devel-4.2.3-11.28.amzn1samba-client-libs-4.2.3-11.28.amzn1samba-winbind-4.2.3-11.28.amzn1samba-debuginfo-4.2.3-11.28.amzn1


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5330




Amazon Linux AMIx86_64pyldb-1.1.20-1.7.amzn1pyldb-devel-1.1.20-1.7.amzn1libldb-devel-1.1.20-1.7.amzn1libldb-debuginfo-1.1.20-1.7.amzn1libldb-1.1.20-1.7.amzn1ldb-tools-1.1.20-1.7.amzn1

i686pyldb-1.1.20-1.7.amzn1pyldb-devel-1.1.20-1.7.amzn1libldb-devel-1.1.20-1.7.amzn1ldb-tools-1.1.20-1.7.amzn1libldb-1.1.20-1.7.amzn1libldb-debuginfo-1.1.20-1.7.amzn1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7499, CVE-2015-8710




Ubuntu 12.04

libxml2_2.7.8.dfsg-5.1ubuntu4.14

Ubuntu 15.04

libxml2_2.9.2+dfsg1-3ubuntu0.3

Ubuntu 15.10

libxml2_2.9.2+zdfsg1-4ubuntu0.3

Ubuntu 14.04

libxml2_2.9.1+dfsg1-3ubuntu4.7

19455 - (SOL55540723) F5 BIG-IP OpenSSL Vulnerability




A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the OpenSSL component. Successful exploitation could allow an attacker to cause a denial of service condition.

19483 - (SOL17525) F5 BIG-IP NTP Vulnerability


DescriptionA buffer overflow vulnerability is present in some versions of F5 BIG-IP products.


A buffer overflow vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the ntpd component. Successful exploitation could allow an attacker to possibly cause a denial of service condition or to remotely execute arbitrary code.

88732 - Slackware Linux 13.0, 13.1, 13.37, 14.0, 14.1 SSA:2016-014-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778

Description

The scan detected that the host is missing the following update:SSA:2016-014-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.677958

Slackware 14.0x86_64openssh-7.1p2-x86_64-1





96027 - Oracle Enterprise Linux ELSA-2016-0043 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778

DescriptionThe scan detected that the host is missing the following update:ELSA-2016-0043


http://oss.oracle.com/pipermail/el-errata/2016-January/005689.html

OEL7x86_64openssh-server-sysvinit-6.6.1p1-23.el7_2openssh-ldap-6.6.1p1-23.el7_2pam_ssh_agent_auth-0.9.3-9.23.el7_2openssh-askpass-6.6.1p1-23.el7_2openssh-server-6.6.1p1-23.el7_2openssh-6.6.1p1-23.el7_2openssh-keycat-6.6.1p1-23.el7_2openssh-clients-6.6.1p1-23.el7_2


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778




Debian 8.0allopenssh-client_1:6.7p1-5+deb8u1ssh-krb5_1:6.7p1-5+deb8u1openssh-client-udeb_1:6.7p1-5+deb8u1ssh_1:6.7p1-5+deb8u1openssh-server_1:6.7p1-5+deb8u1openssh-server-udeb_1:6.7p1-5+deb8u1ssh-askpass-gnome_1:6.7p1-5+deb8u1openssh-sftp-server_1:6.7p1-5+deb8u1

Debian 7.0allopenssh-server-udeb_1:6.0p1-4+deb7u3ssh-krb5_1:6.0p1-4+deb7u3openssh-client_1:6.0p1-4+deb7u3openssh-server_1:6.0p1-4+deb7u3openssh-client-udeb_1:6.0p1-4+deb7u3ssh-askpass-gnome_1:6.0p1-4+deb7u3ssh_1:6.0p1-4+deb7u3







Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium

CVE: CVE-2016-0428















Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778




RHEL7Dx86_64openssh-server-sysvinit-6.6.1p1-23.el7_2openssh-ldap-6.6.1p1-23.el7_2pam_ssh_agent_auth-0.9.3-9.23.el7_2openssh-debuginfo-6.6.1p1-23.el7_2openssh-askpass-6.6.1p1-23.el7_2openssh-server-6.6.1p1-23.el7_2openssh-6.6.1p1-23.el7_2openssh-keycat-6.6.1p1-23.el7_2openssh-clients-6.6.1p1-23.el7_2

RHEL7Sppc64openssh-server-sysvinit-6.6.1p1-23.el7_2openssh-ldap-6.6.1p1-23.el7_2pam_ssh_agent_auth-0.9.3-9.23.el7_2openssh-debuginfo-6.6.1p1-23.el7_2openssh-askpass-6.6.1p1-23.el7_2openssh-server-6.6.1p1-23.el7_2openssh-6.6.1p1-23.el7_2openssh-keycat-6.6.1p1-23.el7_2openssh-clients-6.6.1p1-23.el7_2

RHEL7WSx86_64openssh-server-sysvinit-6.6.1p1-23.el7_2openssh-ldap-6.6.1p1-23.el7_2pam_ssh_agent_auth-0.9.3-9.23.el7_2openssh-debuginfo-6.6.1p1-23.el7_2openssh-askpass-6.6.1p1-23.el7_2openssh-server-6.6.1p1-23.el7_2openssh-6.6.1p1-23.el7_2openssh-keycat-6.6.1p1-23.el7_2openssh-clients-6.6.1p1-23.el7_2


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-5307, CVE-2015-8104




RHEL6_2Sx86_64python-perf-2.6.32-220.65.1.el6kernel-debug-2.6.32-220.65.1.el6python-perf-debuginfo-2.6.32-220.65.1.el6kernel-debug-devel-2.6.32-220.65.1.el6kernel-debuginfo-common-x86_64-2.6.32-220.65.1.el6perf-2.6.32-220.65.1.el6kernel-devel-2.6.32-220.65.1.el6kernel-headers-2.6.32-220.65.1.el6kernel-2.6.32-220.65.1.el6perf-debuginfo-2.6.32-220.65.1.el6kernel-debug-debuginfo-2.6.32-220.65.1.el6kernel-debuginfo-2.6.32-220.65.1.el6

noarchkernel-firmware-2.6.32-220.65.1.el6kernel-doc-2.6.32-220.65.1.el6


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778




SuSE Linux 11.4x86_64openssh-debuginfo-5.8p1-11.1openssh-askpass-gnome-debuginfo-5.8p1-11.1openssh-debugsource-5.8p1-11.1openssh-5.8p1-11.1openssh-askpass-debuginfo-5.8p1-11.1openssh-askpass-5.8p1-11.1openssh-askpass-gnome-5.8p1-11.1

i586openssh-debuginfo-5.8p1-11.1openssh-askpass-gnome-debuginfo-5.8p1-11.1openssh-debugsource-5.8p1-11.1openssh-5.8p1-11.1openssh-askpass-debuginfo-5.8p1-11.1openssh-askpass-5.8p1-11.1openssh-askpass-gnome-5.8p1-11.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes

Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778




SuSE Linux 13.2x86_64openssh-debugsource-6.6p1-5.3.1openssh-helpers-debuginfo-6.6p1-5.3.1openssh-askpass-gnome-debuginfo-6.6p1-5.3.1openssh-helpers-6.6p1-5.3.1openssh-askpass-gnome-6.6p1-5.3.1openssh-debuginfo-6.6p1-5.3.1openssh-6.6p1-5.3.1openssh-fips-6.6p1-5.3.1

i586openssh-debugsource-6.6p1-5.3.1openssh-helpers-debuginfo-6.6p1-5.3.1openssh-askpass-gnome-debuginfo-6.6p1-5.3.1openssh-helpers-6.6p1-5.3.1openssh-askpass-gnome-6.6p1-5.3.1openssh-debuginfo-6.6p1-5.3.1openssh-6.6p1-5.3.1openssh-fips-6.6p1-5.3.1






SuSE SLED 12x86_64openssh-helpers-debuginfo-6.6p1-33.1openssh-6.6p1-33.1openssh-debuginfo-6.6p1-33.1openssh-helpers-6.6p1-33.1

openssh-askpass-gnome-debuginfo-6.6p1-33.1openssh-askpass-gnome-6.6p1-33.1openssh-debugsource-6.6p1-33.1

SuSE SLES 12x86_64openssh-helpers-debuginfo-6.6p1-33.1openssh-6.6p1-33.1openssh-debuginfo-6.6p1-33.1openssh-helpers-6.6p1-33.1openssh-askpass-gnome-debuginfo-6.6p1-33.1openssh-askpass-gnome-6.6p1-33.1openssh-debugsource-6.6p1-33.1openssh-fips-6.6p1-33.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7830, CVE-2015-8711, CVE-2015-8712, CVE-2015-8713, CVE-2015-8714, CVE-2015-8715, CVE-2015-8716, CVE-2015-8717, CVE-2015-8718, CVE-2015-8719, CVE-2015-8720, CVE-2015-8721, CVE-2015-8722, CVE-2015-8723, CVE-2015-8724, CVE-2015-8725, CVE-2015-8726, CVE-2015-8727, CVE-2015-8728, CVE-2015-8729, CVE-2015-8730, CVE-2015-8731, CVE-2015-8732, CVE-2015-8733




SuSE SLED 12x86_64wireshark-debuginfo-1.12.9-22.1wireshark-1.12.9-22.1wireshark-debugsource-1.12.9-22.1

SuSE SLES 12x86_64wireshark-debuginfo-1.12.9-22.1wireshark-1.12.9-22.1wireshark-debugsource-1.12.9-22.1






SuSE Linux 13.2x86_64libpolarssl7-debuginfo-1.3.9-14.1polarssl-devel-1.3.9-14.1libpolarssl7-1.3.9-14.1

i586libpolarssl7-debuginfo-1.3.9-14.1polarssl-devel-1.3.9-14.1libpolarssl7-1.3.9-14.1






SuSE Linux 13.1x86_64openssh-debugsource-6.2p2-3.7.1openssh-askpass-gnome-6.2p2-3.7.1openssh-6.2p2-3.7.1openssh-askpass-gnome-debuginfo-6.2p2-3.7.1openssh-debuginfo-6.2p2-3.7.1

i586openssh-debugsource-6.2p2-3.7.1openssh-askpass-gnome-6.2p2-3.7.1openssh-6.2p2-3.7.1openssh-askpass-gnome-debuginfo-6.2p2-3.7.1openssh-debuginfo-6.2p2-3.7.1



DescriptionThe scan detected that the host is missing the following update:

SUSE-SU-2016:0149-1



SuSE SLED 12x86_64libsoftokn3-debuginfo-32bit-3.19.2.2-32.1libfreebl3-32bit-3.19.2.2-32.1libfreebl3-3.19.2.2-32.1mozilla-nss-certs-3.19.2.2-32.1libsoftokn3-3.19.2.2-32.1mozilla-nss-32bit-3.19.2.2-32.1mozilla-nss-debugsource-3.19.2.2-32.1mozilla-nss-debuginfo-32bit-3.19.2.2-32.1libfreebl3-debuginfo-32bit-3.19.2.2-32.1mozilla-nss-sysinit-3.19.2.2-32.1mozilla-nss-3.19.2.2-32.1mozilla-nss-certs-debuginfo-3.19.2.2-32.1mozilla-nss-certs-debuginfo-32bit-3.19.2.2-32.1mozilla-nss-tools-debuginfo-3.19.2.2-32.1mozilla-nss-sysinit-debuginfo-3.19.2.2-32.1mozilla-nss-sysinit-32bit-3.19.2.2-32.1libsoftokn3-32bit-3.19.2.2-32.1mozilla-nss-certs-32bit-3.19.2.2-32.1mozilla-nss-sysinit-debuginfo-32bit-3.19.2.2-32.1mozilla-nss-debuginfo-3.19.2.2-32.1libfreebl3-debuginfo-3.19.2.2-32.1mozilla-nss-tools-3.19.2.2-32.1libsoftokn3-debuginfo-3.19.2.2-32.1

SuSE SLES 12x86_64libsoftokn3-hmac-32bit-3.19.2.2-32.1mozilla-nss-certs-debuginfo-3.19.2.2-32.1libfreebl3-3.19.2.2-32.1libfreebl3-hmac-32bit-3.19.2.2-32.1libfreebl3-debuginfo-32bit-3.19.2.2-32.1libsoftokn3-debuginfo-32bit-3.19.2.2-32.1mozilla-nss-3.19.2.2-32.1mozilla-nss-tools-debuginfo-3.19.2.2-32.1mozilla-nss-certs-debuginfo-32bit-3.19.2.2-32.1libsoftokn3-32bit-3.19.2.2-32.1mozilla-nss-sysinit-3.19.2.2-32.1libfreebl3-debuginfo-3.19.2.2-32.1mozilla-nss-certs-3.19.2.2-32.1mozilla-nss-debugsource-3.19.2.2-32.1mozilla-nss-sysinit-debuginfo-3.19.2.2-32.1libsoftokn3-3.19.2.2-32.1libfreebl3-hmac-3.19.2.2-32.1libsoftokn3-debuginfo-3.19.2.2-32.1mozilla-nss-debuginfo-32bit-3.19.2.2-32.1libfreebl3-32bit-3.19.2.2-32.1mozilla-nss-debuginfo-3.19.2.2-32.1mozilla-nss-sysinit-debuginfo-32bit-3.19.2.2-32.1mozilla-nss-tools-3.19.2.2-32.1mozilla-nss-32bit-3.19.2.2-32.1

libsoftokn3-hmac-3.19.2.2-32.1mozilla-nss-sysinit-32bit-3.19.2.2-32.1mozilla-nss-certs-32bit-3.19.2.2-32.1


Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778

DescriptionThe scan detected that the host is missing the following update:CESA-2016-0043


http://lists.centos.org/pipermail/centos-announce/2016-January/021614.html

CentOS 7x86_64openssh-server-sysvinit-6.6.1p1-23.el7_2openssh-ldap-6.6.1p1-23.el7_2pam_ssh_agent_auth-0.9.3-9.23.el7_2openssh-askpass-6.6.1p1-23.el7_2openssh-server-6.6.1p1-23.el7_2openssh-6.6.1p1-23.el7_2openssh-keycat-6.6.1p1-23.el7_2openssh-clients-6.6.1p1-23.el7_2

i686pam_ssh_agent_auth-0.9.3-9.23.el7_2


Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778




Amazon Linux AMIx86_64openssh-keycat-6.6.1p1-23.59.amzn1openssh-debuginfo-6.6.1p1-23.59.amzn1openssh-6.6.1p1-23.59.amzn1openssh-server-6.6.1p1-23.59.amzn1

openssh-ldap-6.6.1p1-23.59.amzn1pam_ssh_agent_auth-0.9.3-9.23.59.amzn1openssh-clients-6.6.1p1-23.59.amzn1

i686openssh-server-6.6.1p1-23.59.amzn1openssh-debuginfo-6.6.1p1-23.59.amzn1openssh-clients-6.6.1p1-23.59.amzn1openssh-ldap-6.6.1p1-23.59.amzn1pam_ssh_agent_auth-0.9.3-9.23.59.amzn1openssh-keycat-6.6.1p1-23.59.amzn1openssh-6.6.1p1-23.59.amzn1

174888 - Scientific Linux Security ERRATA Moderate: openssh on SL7.x x86_64 (1601-7514)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Moderate: openssh on SL7.x x86_64 (1601-7514)


https://listserv.fnal.gov/scripts/wa.exe?A2=ind1601&L=scientific-linux-errata&F=&S=&P=7514

SL7x86_64openssh-server-sysvinit-6.6.1p1-23.el7_2openssh-ldap-6.6.1p1-23.el7_2pam_ssh_agent_auth-0.9.3-9.23.el7_2openssh-debuginfo-6.6.1p1-23.el7_2openssh-askpass-6.6.1p1-23.el7_2openssh-server-6.6.1p1-23.el7_2openssh-6.6.1p1-23.el7_2openssh-keycat-6.6.1p1-23.el7_2openssh-clients-6.6.1p1-23.el7_2

178147 - Gentoo Linux GLSA-201601-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778

DescriptionThe scan detected that the host is missing the following update:GLSA-201601-01


https://security.gentoo.org/glsa/201601-01

Affected packages: net-misc/openssh < 7.1_p2

181771 - FreeBSD ffmpeg Remote Attacker Can Access Local Files (046fedd1-bd01-11e5-bbf4-5404a68ad561)


DescriptionThe scan detected that the host is missing the following update:ffmpeg -- remote attacker can access local files (046fedd1-bd01-11e5-bbf4-5404a68ad561)


http://www.vuxml.org/freebsd/046fedd1-bd01-11e5-bbf4-5404a68ad561.html

Affected packages: 2.0,1 < ffmpeg < 2.8.5,1mplayer < 1.2.r20151219_2mencoder < 1.2.r20151219_2

181775 - FreeBSD openssh Information Disclosure (dfe0cdc1-baf2-11e5-863a-b499baebfeaf)


DescriptionThe scan detected that the host is missing the following update:openssh -- information disclosure (dfe0cdc1-baf2-11e5-863a-b499baebfeaf)


http://www.vuxml.org/freebsd/dfe0cdc1-baf2-11e5-863a-b499baebfeaf.html

Affected packages: 5.4.p0,1 < openssh-portable < 7.1.p2,1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-0778




Ubuntu 12.04

openssh-client_5.9p1-5ubuntu1.8

Ubuntu 15.04


Ubuntu 15.10


Ubuntu 14.04


190202 - Fedora Linux 23 FEDORA-2016-67c6ef0d4f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777

DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-67c6ef0d4f


http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

Fedora Core 23

openssh-7.1p2-1.fc23

190214 - Fedora Linux 22 FEDORA-2016-c330264861 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0777, CVE-2016-1907

DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-c330264861



Fedora Core 22

openssh-6.9p1-10.fc22

19572 - Cisco Adaptive Security Appliance Non DCERPC Traffic Bypass Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Low CVE: CVE-2015-6423

DescriptionA security bypass vulnerability is present in some versions of Cisco ASA 5500 series devices.

ObservationCisco Adaptive Security Appliance is a word-class line of network security devices.

A security bypass vulnerability is present in some versions of Cisco ASA 5500 series devices. The flaw lies in the Distributed Computing Environment/Remote Procedure Calls Inspection feature (DCERPC). Successful exploitation could allow an attacker to bypass security access restrictions.

33326 - Oracle Solaris 152260-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Low CVE: CVE-2016-0535

DescriptionThe scan detected that the host is missing the following update:152260-01


https://getupdates.oracle.com/readme/152260-01

SunOS 5.10: libnsl patch

SOLARIS_10

SUNWcslr:11.10.0,REV=2005.01.21.15.53



DescriptionThe scan detected that the host is missing the following update:152261-01


https://getupdates.oracle.com/readme/152261-01

SunOS 5.10(x86): libnsl patch

SOLARIS_10_x86

SUNWcslr:11.10.0,REV=2005.01.21.16.34

88733 - Slackware Linux 13.0, 13.1, 13.37, 14.0, 14.1 SSA:2016-012-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8605

DescriptionThe scan detected that the host is missing the following update:SSA:2016-012-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.494213

Slackware 14.0x86_64dhcp-4.3.3_P1-x86_64-1






Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8472, CVE-2015-8540


DSA-3443-1



Debian 8.0alllibpng12-0_1.2.50-2+deb8u2libpng12-dev_1.2.50-2+deb8u2libpng12-0-udeb_1.2.50-2+deb8u2libpng3_1.2.50-2+deb8u2

Debian 7.0alllibpng12-0_1.2.49-1+deb7u2libpng12-dev_1.2.49-1+deb7u2libpng3_1.2.49-1+deb7u2libpng12-0-udeb_1.2.49-1+deb7u2

130362 - Debian Linux 8.0 DSA-3448-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2013-4312, CVE-2015-7566, CVE-2015-8767, CVE-2016-0723, CVE-2016-0728




Debian 8.0allext4-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u3sata-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u3crypto-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u3isofs-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3kernel-image-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3jfs-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u3usb-serial-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3crypto-dm-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3event-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u3sound-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u3uinput-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u3kernel-image-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3ipv6-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u3firewire-core-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u3crc-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u3pata-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u3usb-storage-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u3

pata-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u3kernel-image-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u3efi-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u3linux-image-3.16.0-4-sb1-bcm91250a_3.16.7-ckt20-1+deb8u3nbd-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u3serial-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u3squashfs-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u3nic-shared-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt20-1+deb8u3usb-storage-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3linux-compiler-gcc-4.8-s390_3.16.7-ckt20-1+deb8u3nbd-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u3nic-shared-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3isofs-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u3ata-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u3ext4-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u3usb-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u3nic-shared-modules-3.16.0-4-r5k-ip32-di_3.16.7-ckt20-1+deb8u3cdrom-core-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u3multipath-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3linux-headers-3.16.0-4-all_3.16.7-ckt20-1+deb8u3fat-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u3cdrom-core-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u3sata-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3crypto-dm-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u3core-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u3udf-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u3ntfs-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3crypto-dm-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u3fat-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3nic-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u3usb-storage-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u3input-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u3md-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3uinput-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u3core-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3rtc-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u3scsi-core-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u3nic-usb-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u3btrfs-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u3linux-doc-3.16_3.16.7-ckt20-1+deb8u3mouse-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u3linux-headers-3.16.0-4-all-arm64_3.16.7-ckt20-1+deb8u3event-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u3linux-image-3.16.0-4-586_3.16.7-ckt20-1+deb8u3squashfs-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3virtio-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u3core-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u3udf-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u3crc-modules-3.16.0-4-r5k-ip32-di_3.16.7-ckt20-1+deb8u3usb-serial-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u3scsi-core-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u3fuse-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3cdrom-core-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3crypto-dm-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u3usb-storage-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u3loop-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u3core-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3acpi-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u3crc-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u3event-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u3

scsi-common-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u3multipath-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3usb-storage-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u3crc-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt20-1+deb8u3linux-headers-3.16.0-4-r4k-ip22_3.16.7-ckt20-1+deb8u3ata-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u3btrfs-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u3xfs-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3sata-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u3fat-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u3multipath-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u3udf-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u3ata-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3squashfs-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt20-1+deb8u3scsi-core-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u3crypto-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3serial-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u3nic-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u3usb-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u3multipath-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u3linux-headers-3.16.0-4-all-i386_3.16.7-ckt20-1+deb8u3jfs-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u3scsi-core-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3hyperv-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u3nbd-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt20-1+deb8u3linux-image-3.16.0-4-686-pae_3.16.7-ckt20-1+deb8u3i2c-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u3ppp-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u3minix-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u3crypto-dm-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u3hfs-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u3dasd-extra-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u3pata-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u3sata-modules-3.16.0-4-loongson-3-di_3.16.7-ckt20-1+deb8u3nic-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u3nic-wireless-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u3jfs-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3speakup-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u3mmc-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u3cdrom-core-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u3hypervisor-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u3rtc-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u3pcmcia-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u3mmc-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u3


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2016-1564




Debian 8.0allwordpress_4.1+dfsg-1+deb8u7

Debian 7.0allwordpress_3.6.1+dfsg-1~deb7u9






Debian 8.0allbind9_1:9.9.5.dfsg-9+deb8u5

Debian 7.0allbind9_1:9.8.4.dfsg.P1-6+nmu2+deb7u9






Debian 8.0allisc-dhcp-relay-dbg_4.3.1-6+deb8u2isc-dhcp-client-dbg_4.3.1-6+deb8u2isc-dhcp-common_4.3.1-6+deb8u2

isc-dhcp-server-ldap_4.3.1-6+deb8u2isc-dhcp-server-dbg_4.3.1-6+deb8u2isc-dhcp-dev_4.3.1-6+deb8u2isc-dhcp-client-udeb_4.3.1-6+deb8u2isc-dhcp-relay_4.3.1-6+deb8u2isc-dhcp-client_4.3.1-6+deb8u2isc-dhcp-dbg_4.3.1-6+deb8u2isc-dhcp-server_4.3.1-6+deb8u2

Debian 7.0allisc-dhcp-server-ldap_4.2.2.dfsg.1-5+deb70u8isc-dhcp-client_4.2.2.dfsg.1-5+deb70u8isc-dhcp-relay-dbg_4.2.2.dfsg.1-5+deb70u8isc-dhcp-common_4.2.2.dfsg.1-5+deb70u8isc-dhcp-client-udeb_4.2.2.dfsg.1-5+deb70u8isc-dhcp-relay_4.2.2.dfsg.1-5+deb70u8isc-dhcp-dev_4.2.2.dfsg.1-5+deb70u8isc-dhcp-client-dbg_4.2.2.dfsg.1-5+deb70u8isc-dhcp-server_4.2.2.dfsg.1-5+deb70u8isc-dhcp-server-dbg_4.2.2.dfsg.1-5+deb70u8

















Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2015-7551




Amazon Linux AMIi686ruby22-debuginfo-2.2.4-1.8.amzn1ruby20-debuginfo-2.0.0.648-1.29.amzn1ruby21-2.1.8-1.19.amzn1rubygem21-psych-2.0.5-1.19.amzn1ruby20-devel-2.0.0.648-1.29.amzn1rubygem21-bigdecimal-1.2.4-1.19.amzn1ruby19-1.9.3.551-32.70.amzn1ruby19-doc-1.9.3.551-32.70.amzn1rubygem20-io-console-0.4.2-1.29.amzn1ruby19-devel-1.9.3.551-32.70.amzn1rubygem19-io-console-0.3-32.70.amzn1rubygem22-io-console-0.4.3-1.8.amzn1rubygem20-psych-2.0.0-1.29.amzn1rubygem22-bigdecimal-1.2.6-1.8.amzn1rubygem21-io-console-0.4.3-1.19.amzn1ruby21-libs-2.1.8-1.19.amzn1ruby21-debuginfo-2.1.8-1.19.amzn1ruby20-libs-2.0.0.648-1.29.amzn1ruby19-libs-1.9.3.551-32.70.amzn1ruby22-libs-2.2.4-1.8.amzn1rubygem19-json-1.5.5-32.70.amzn1rubygem22-psych-2.0.8-1.8.amzn1ruby19-debuginfo-1.9.3.551-32.70.amzn1ruby21-devel-2.1.8-1.19.amzn1

ruby20-2.0.0.648-1.29.amzn1rubygem20-bigdecimal-1.2.0-1.29.amzn1ruby22-2.2.4-1.8.amzn1ruby22-devel-2.2.4-1.8.amzn1rubygem19-bigdecimal-1.1.0-32.70.amzn1

noarchrubygem19-rdoc-3.9.5-32.70.amzn1ruby22-irb-2.2.4-1.8.amzn1rubygems21-2.2.5-1.19.amzn1ruby21-doc-2.1.8-1.19.amzn1ruby20-irb-2.0.0.648-1.29.amzn1rubygems20-2.0.14.1-1.29.amzn1rubygem19-rake-0.9.2.2-32.70.amzn1rubygems20-devel-2.0.14.1-1.29.amzn1ruby19-irb-1.9.3.551-32.70.amzn1ruby20-doc-2.0.0.648-1.29.amzn1rubygems22-devel-2.4.5.1-1.8.amzn1rubygems21-devel-2.2.5-1.19.amzn1rubygems19-1.8.23.2-32.70.amzn1rubygems22-2.4.5.1-1.8.amzn1ruby21-irb-2.1.8-1.19.amzn1ruby22-doc-2.2.4-1.8.amzn1rubygems19-devel-1.8.23.2-32.70.amzn1rubygem19-minitest-2.5.1-32.70.amzn1

x86_64ruby22-debuginfo-2.2.4-1.8.amzn1ruby20-debuginfo-2.0.0.648-1.29.amzn1ruby21-2.1.8-1.19.amzn1rubygem21-psych-2.0.5-1.19.amzn1ruby20-devel-2.0.0.648-1.29.amzn1rubygem21-bigdecimal-1.2.4-1.19.amzn1ruby19-1.9.3.551-32.70.amzn1ruby19-doc-1.9.3.551-32.70.amzn1ruby22-devel-2.2.4-1.8.amzn1rubygem20-io-console-0.4.2-1.29.amzn1ruby19-devel-1.9.3.551-32.70.amzn1rubygem19-io-console-0.3-32.70.amzn1rubygem22-io-console-0.4.3-1.8.amzn1rubygem22-bigdecimal-1.2.6-1.8.amzn1rubygem21-io-console-0.4.3-1.19.amzn1ruby21-libs-2.1.8-1.19.amzn1ruby21-debuginfo-2.1.8-1.19.amzn1ruby20-libs-2.0.0.648-1.29.amzn1ruby19-libs-1.9.3.551-32.70.amzn1ruby22-libs-2.2.4-1.8.amzn1rubygem19-json-1.5.5-32.70.amzn1rubygem22-psych-2.0.8-1.8.amzn1ruby19-debuginfo-1.9.3.551-32.70.amzn1ruby21-devel-2.1.8-1.19.amzn1ruby20-2.0.0.648-1.29.amzn1rubygem20-psych-2.0.0-1.29.amzn1ruby22-2.2.4-1.8.amzn1rubygem20-bigdecimal-1.2.0-1.29.amzn1rubygem19-bigdecimal-1.1.0-32.70.amzn1

181772 - FreeBSD h2o Directory Traversal Vulnerability (6c808811-bb9a-11e5-a65c-485d605f4717)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes

Risk Level: Low CVE: CVE-2016-1133

DescriptionThe scan detected that the host is missing the following update:h2o -- directory traversal vulnerability (6c808811-bb9a-11e5-a65c-485d605f4717)


http://www.vuxml.org/freebsd/6c808811-bb9a-11e5-a65c-485d605f4717.html

Affected packages: h2o < 1.6.2

181773 - FreeBSD isc-dhcpd Denial Of Service (05eeb7e9-b987-11e5-83ef-14dae9d210b8)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8605

DescriptionThe scan detected that the host is missing the following update:isc-dhcpd -- Denial of Service (05eeb7e9-b987-11e5-83ef-14dae9d210b8)


http://www.vuxml.org/freebsd/05eeb7e9-b987-11e5-83ef-14dae9d210b8.html

Affected packages: isc-dhcp41-server < 4.1.e_10,2isc-dhcp41-client < 4.1.e_3,2isc-dhcp41-relay < 4.1.e_6,2isc-dhcp43-client < 4.3.3.p1isc-dhcp43-server < 4.3.3.p1isc-dhcp43-relay < 4.3.3.p1

181776 - FreeBSD claws-mail No Bounds Checking On The Output Buffer In Conv_jistoeuc, Conv_euctojis, Conv_sjistoeuc (51358314-bec8-11e5-8


DescriptionThe scan detected that the host is missing the following update:claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc (51358314-bec8-11e5-82cd-bcaec524bf84)

ObservationUpdates often remediate critical security problems that should be quickly addressed.

For more information see:

http://www.vuxml.org/freebsd/51358314-bec8-11e5-82cd-bcaec524bf84.html

Affected packages: claws-mail < 3.13.2

181777 - FreeBSD kibana4 XSS Vulnerability (a7a4e96c-ba50-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:kibana4 -- XSS vulnerability (a7a4e96c-ba50-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/a7a4e96c-ba50-11e5-9728-002590263bf5.html

Affected packages: kibana4 < 4.1.4kibana41 < 4.1.4kibana42 < 4.2.2kibana43 < 4.3.1

181778 - FreeBSD go Information Disclosure Vulnerability (6809c6db-bdeb-11e5-b5fe-002590263bf5)


DescriptionThe scan detected that the host is missing the following update:go -- information disclosure vulnerability (6809c6db-bdeb-11e5-b5fe-002590263bf5)


http://www.vuxml.org/freebsd/6809c6db-bdeb-11e5-b5fe-002590263bf5.html

Affected packages: 1.5,1 <= go < 1.5.3,1

181779 - FreeBSD prosody Multiple Vulnerabilities (842cd117-ba54-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2016-1231, CVE-2016-1232

DescriptionThe scan detected that the host is missing the following update:prosody -- multiple vulnerabilities (842cd117-ba54-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html

Affected packages: prosody < 0.9.9

185123 - Ubuntu Linux 12.04 USN-2870-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2016-0728




Ubuntu 12.04

linux-image-3.13.0-76-generic_3.13.0-76.120~precise1linux-image-3.13.0-76-generic-lpae_3.13.0-76.120~precise1






Ubuntu 15.10

linux-image-4.2.0-1020-raspi2_4.2.0-1020.27






Ubuntu 14.04

linux-image-3.13.0-76-powerpc-e500mc_3.13.0-76.120linux-image-3.13.0-76-generic-lpae_3.13.0-76.120linux-image-3.13.0-76-generic_3.13.0-76.120linux-image-3.13.0-76-powerpc-smp_3.13.0-76.120linux-image-3.13.0-76-powerpc-e500_3.13.0-76.120linux-image-3.13.0-76-powerpc64-smp_3.13.0-76.120linux-image-3.13.0-76-powerpc64-emb_3.13.0-76.120linux-image-3.13.0-76-lowlatency_3.13.0-76.120






Ubuntu 15.10

linux-image-4.2.0-25-generic_4.2.0-25.30linux-image-4.2.0-25-lowlatency_4.2.0-25.30linux-image-4.2.0-25-powerpc-smp_4.2.0-25.30linux-image-4.2.0-25-generic-lpae_4.2.0-25.30linux-image-4.2.0-25-powerpc64-smp_4.2.0-25.30linux-image-4.2.0-25-powerpc-e500mc_4.2.0-25.30linux-image-4.2.0-25-powerpc64-emb_4.2.0-25.30


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes





Ubuntu 14.04

linux-image-4.2.0-25-lowlatency_4.2.0-25.30~14.04.1linux-image-4.2.0-25-powerpc-e500mc_4.2.0-25.30~14.04.1linux-image-4.2.0-25-generic_4.2.0-25.30~14.04.1linux-image-4.2.0-25-powerpc-smp_4.2.0-25.30~14.04.1linux-image-4.2.0-25-powerpc64-smp_4.2.0-25.30~14.04.1linux-image-4.2.0-25-generic-lpae_4.2.0-25.30~14.04.1linux-image-4.2.0-25-powerpc64-emb_4.2.0-25.30~14.04.1






Ubuntu 14.04

linux-image-3.19.0-47-generic-lpae_3.19.0-47.53~14.04.1linux-image-3.19.0-47-powerpc64-smp_3.19.0-47.53~14.04.1linux-image-3.19.0-47-powerpc-e500mc_3.19.0-47.53~14.04.1linux-image-3.19.0-47-lowlatency_3.19.0-47.53~14.04.1linux-image-3.19.0-47-powerpc-smp_3.19.0-47.53~14.04.1linux-image-3.19.0-47-powerpc64-emb_3.19.0-47.53~14.04.1linux-image-3.19.0-47-generic_3.19.0-47.53~14.04.1






Ubuntu 15.04

linux-image-3.19.0-47-generic_3.19.0-47.53linux-image-3.19.0-47-generic-lpae_3.19.0-47.53linux-image-3.19.0-47-lowlatency_3.19.0-47.53linux-image-3.19.0-47-powerpc64-emb_3.19.0-47.53linux-image-3.19.0-47-powerpc64-smp_3.19.0-47.53linux-image-3.19.0-47-powerpc-e500mc_3.19.0-47.53linux-image-3.19.0-47-powerpc-smp_3.19.0-47.53






Ubuntu 14.04

linux-image-3.16.0-59-lowlatency_3.16.0-59.79~14.04.1linux-image-3.16.0-59-powerpc-smp_3.16.0-59.79~14.04.1linux-image-3.16.0-59-generic-lpae_3.16.0-59.79~14.04.1linux-image-3.16.0-59-powerpc64-emb_3.16.0-59.79~14.04.1linux-image-3.16.0-59-powerpc-e500mc_3.16.0-59.79~14.04.1linux-image-3.16.0-59-generic_3.16.0-59.79~14.04.1linux-image-3.16.0-59-powerpc64-smp_3.16.0-59.79~14.04.1






Ubuntu 12.04

isc-dhcp-client_4.1.ESV-R4-0ubuntu5.10isc-dhcp-server_4.1.ESV-R4-0ubuntu5.10isc-dhcp-server-ldap_4.1.ESV-R4-0ubuntu5.10isc-dhcp-relay_4.1.ESV-R4-0ubuntu5.10

Ubuntu 15.04

isc-dhcp-server_4.3.1-5ubuntu2.3isc-dhcp-server-ldap_4.3.1-5ubuntu2.3isc-dhcp-relay_4.3.1-5ubuntu2.3isc-dhcp-client_4.3.1-5ubuntu2.3

Ubuntu 15.10

isc-dhcp-client_4.3.1-5ubuntu3.1isc-dhcp-relay_4.3.1-5ubuntu3.1isc-dhcp-server_4.3.1-5ubuntu3.1isc-dhcp-server-ldap_4.3.1-5ubuntu3.1

Ubuntu 14.04

isc-dhcp-server-ldap_4.2.4-7ubuntu12.4isc-dhcp-server_4.2.4-7ubuntu12.4isc-dhcp-client_4.2.4-7ubuntu12.4isc-dhcp-relay_4.2.4-7ubuntu12.4






Ubuntu 12.04

bind9_9.8.1.dfsg.P1-4ubuntu0.15

Ubuntu 15.04

bind9_9.9.5.dfsg-9ubuntu0.5

Ubuntu 15.10


Ubuntu 14.04


190193 - Fedora Linux 22 FEDORA-2016-8f950932c1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-8f950932c1



Fedora Core 22

libxmp-4.3.10-1.fc22

190194 - Fedora Linux 22 FEDORA-2016-5207e0c1a1 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-5207e0c1a1



Fedora Core 22

php-5.6.17-1.fc22

190195 - Fedora Linux 23 FEDORA-2016-3509d27585 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-3509d27585



Fedora Core 23

nodejs-ws-1.0.1-1.fc23

190196 - Fedora Linux 23 FEDORA-2016-f048c43393 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8747, CVE-2015-8748

DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-f048c43393



Fedora Core 23

radicale-1.1.1-1.fc23

190197 - Fedora Linux 23 FEDORA-2016-c82e5c322c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8688

DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-c82e5c322c



Fedora Core 23

gajim-0.16.5-1.fc23

190198 - Fedora Linux 23 FEDORA-2016-558167a417 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-558167a417



Fedora Core 23

php-5.6.17-1.fc23

190199 - Fedora Linux 23 FEDORA-2016-902a2b18d8 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-902a2b18d8



Fedora Core 23

shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23

190200 - Fedora Linux 23 FEDORA-2016-0c5bb21bf1 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-0c5bb21bf1



Fedora Core 23

dhcp-4.3.3-8.P1.fc23

190201 - Fedora Linux 23 FEDORA-2015-12739 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-12739



Fedora Core 23

python-kdcproxy-0.3.2-1.fc23

190203 - Fedora Linux 23 FEDORA-2016-21f5261525 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-21f5261525



Fedora Core 23

wordpress-4.4.1-1.fc23

190204 - Fedora Linux 22 FEDORA-2016-191ff70357 Update Is Not Installed



FEDORA-2016-191ff70357



Fedora Core 22

shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc22

190205 - Fedora Linux 22 FEDORA-2016-4c8956da04 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-4c8956da04



Fedora Core 22

wordpress-4.4.1-1.fc22

190206 - Fedora Linux 23 FEDORA-2015-66439aa9e2 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-66439aa9e2



Fedora Core 23

openstack-glance-2015.1.2-1.fc23

190207 - Fedora Linux 22 FEDORA-2016-cbb76d0e3a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-cbb76d0e3a



Fedora Core 22

pitivi-0.94-5.fc22

190208 - Fedora Linux 22 FEDORA-2016-2ac04ea72f Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-2ac04ea72f



Fedora Core 22

wireshark-1.12.9-1.fc22

190209 - Fedora Linux 22 FEDORA-2016-a6f02951a2 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-a6f02951a2



Fedora Core 22

nodejs-ws-1.0.1-1.fc22

190210 - Fedora Linux 22 FEDORA-2016-11cca392ff Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-11cca392ff



Fedora Core 22

mbedtls-1.3.16-1.fc22

190211 - Fedora Linux 22 FEDORA-2016-cf9e2429b5 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-cf9e2429b5



Fedora Core 22

radicale-1.1.1-1.fc22

190212 - Fedora Linux 23 FEDORA-2016-b3784096ef Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-b3784096ef

Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:


Fedora Core 23

mbedtls-2.2.1-1.fc23

190213 - Fedora Linux 22 FEDORA-2016-51195e6b92 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-51195e6b92



Fedora Core 22

openvpn-2.3.10-1.fc22

190215 - Fedora Linux 23 FEDORA-2016-69e506e02d Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-69e506e02d



Fedora Core 23

perl-PathTools-3.60-2.fc23

190216 - Fedora Linux 23 FEDORA-2016-64c69ec297 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-64c69ec297



Fedora Core 23

libxmp-4.3.10-1.fc23

190217 - Fedora Linux 22 FEDORA-2016-838200213e Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-838200213e



Fedora Core 22

gajim-0.16.5-1.fc22

190218 - Fedora Linux 23 FEDORA-2016-105b3b8804 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-105b3b8804



Fedora Core 23

salt-2015.5.8-1.fc23

190219 - Fedora Linux 22 FEDORA-2016-890e612f52 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2015-7549, CVE-2015-8558, CVE-2015-8666, CVE-2015-8744, CVE-2015-8745

DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-890e612f52



Fedora Core 22

qemu-2.3.1-10.fc22

190220 - Fedora Linux 23 FEDORA-2016-5a073cbd93 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-5a073cbd93



Fedora Core 23

golang-1.5.3-1.fc23












Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2015-1345




Amazon Linux AMIx86_64grep-debuginfo-2.20-1.16.amzn1grep-2.20-1.16.amzn1

i686grep-debuginfo-2.20-1.16.amzn1grep-2.20-1.16.amzn1




Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:







19492 - (SOL90230486) F5 BIG-IP Linux Kernel Vulnerability

Category: SSH Module -> NonIntrusive -> F5 Risk Level: Informational CVE: CVE-2015-7613



A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the Linux kernel. Successful exploitation could allow an attacker to escalate privileges. The attacker needs local shell access in order to trigger this vulnerability.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.

190177 - Fedora Linux 22 FEDORA-2016-8e13ac5754 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-8659

Update DetailsRisk is updated

190190 - Fedora Linux 23 FEDORA-2016-54f85ec6e8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes

Risk Level: High CVE: CVE-2015-8659


18102 - Cisco IOS Software Common Industrial Protocol Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> Cisco IOS Patches and Hotfixes Risk Level: High CVE: CVE-2015-0647, CVE-2015-0648, CVE-2015-0649

Update DetailsRecommendation is updated

18524 - (SOL16715) F5 BIG-IP Multiple libTIFF Vulnerabilities

Category: SSH Module -> NonIntrusive -> F5 Risk Level: High CVE: CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244

Update DetailsFASLScript is updated

19180 - (HT205375) Apple OS X Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes Risk Level: High CVE: CVE-2012-6151, CVE-2014-3565, CVE-2015-0235, CVE-2015-0273, CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5932, CVE-2015-5933, CVE-2015-5934, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-5943, CVE-2015-5944, CVE-2015-5945, CVE-2015-6563, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838, CVE-2015-6974, CVE-2015-6975, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6980, CVE-2015-6983, CVE-2015-6984, CVE-2015-6985, CVE-2015-6987, CVE-2015-6988, CVE-2015-6989, CVE-2015-6990, CVE-2015-6991, CVE-2015-6992, CVE-2015-6993, CVE-2015-6994, CVE-2015-6995, CVE-2015-6996, CVE-2015-7003, CVE-2015-7006, CVE-2015-7007, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7015, CVE-2015-7016, CVE-2015-7017, CVE-2015-7018, CVE-2015-7019, CVE-2015-7020, CVE-2015-7021, CVE-2015-7023, CVE-2015-7024, CVE-2015-7035

Update DetailsCVE is updated

19506 - (MS16-002) Microsoft Edge Scripting Engine Memory Corruption Remote Code Execution (3124904)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-0024

Update DetailsRecommendation is updated


Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: High CVE: CVE-2008-2086, CVE-2009-3910

Update DetailsName is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated










19163 - (SOL17378) F5 BIG-IP SNMP Vulnerability

Category: SSH Module -> NonIntrusive -> F5 Risk Level: High CVE: CVE-2015-5621

Update DetailsDocumentation is updated


Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2015-1779

Update Details

Risk is updated


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2015-1779


93615 - Mandriva Linux MBS1, MBS2 MDVSA-2015-210 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Mandriva Patches and Hotfixes Risk Level: High CVE: CVE-2015-1779



Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2015-1779


174773 - Scientific Linux Security ERRATA Moderate: qemu-kvm on SL7.x x86_64 (1510-6479)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: High CVE: CVE-2015-1779


189157 - Fedora Linux 22 FEDORA-2015-5541 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-1779


19487 - Joomla! SQL Injection Vulnerability (20151207)

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium

CVE: CVE-2015-8769

Update DetailsCVE is updated

18726 - (SOL16907) F5 BIG-IP Apache HTTPD Vulnerability



19012 - (SOL16728) F5 BIG-IP iCall Privilege Escalation Vulnerability







Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7575















Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7575







Update Details

Risk is updated







160023 - CentOS 6, 7 CESA-2016-0007 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7575








174878 - Scientific Linux Security ERRATA Moderate: openssl on SL6.x, SL7.x i386/x86_64 (1601-1160)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium

CVE: CVE-2015-7575


174879 - Scientific Linux Security ERRATA Moderate: gnutls on SL6.x, SL7.x i386/x86_64 (1601-2989)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2015-7575


174881 - Scientific Linux Security ERRATA Moderate: nss on SL6.x, SL7.x i386/x86_64 (1601-832)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2015-7575


181736 - FreeBSD NSS MD5 Downgrade In TLS 1.2 Signatures (10f7bc76-0335-4a88-b391-0b05b3a8ce1c)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7575


185115 - Ubuntu Linux 12.04, 14.04, 15.04 USN-2865-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7575












Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH










Update Details

Name is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated







181570 - FreeBSD OpenSSH PAM Vulnerabilities (2920c449-4850-11e5-825f-c80aa9043978)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH


19160 - (SOL17462) F5 BIG-IP Linux Kernel Vulnerability

Category: SSH Module -> NonIntrusive -> F5 Risk Level: Low CVE: CVE-2015-2830

Update DetailsDocumentation is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2016 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates

https://mysupport.mcafee.com/

http://www.mcafee.com/us/about/contact/index.html

McAfee Foundstone FSL Update · 2016-JAN-20 FSL version 7.5.787 MCAFEE FOUNDSTONE FSL UPDATE To...

Documents

Transcript of McAfee Foundstone FSL Update · 2016-JAN-20 FSL version 7.5.787 MCAFEE FOUNDSTONE FSL UPDATE To...