Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title file security, bug fix, and enhancement update
Informations
Name RHSA-2016:0760 First vendor Publication 2016-05-10
Vendor RedHat Last vendor Modification 2016-05-10
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for file is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.

Security Fix(es):

* Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)

* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)

* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)

Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluža (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

809898 - RFE: add detection of Python bytecode for recent versions of Python 1080453 - file: incorrectly applied magic/Magdir patch [rhel-6] 1098222 - CVE-2014-3538 file: unrestricted regular expression matching 1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info 1154802 - file reports "data" instead of zip file when the first file zipped is a file named "mime" 1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers 1169509 - file: report full java version for 1.7 and 1.8 class files 1171580 - CVE-2014-8116 file: multiple denial of service issues (resource consumption) 1174606 - CVE-2014-8117 file: denial of service issue (resource consumption) 1180639 - CVE-2014-9620 file: limit the number of ELF notes processed 1190116 - CVE-2014-9653 file: malformed elf file causes access to uninitialized memory 1243650 - If we execute the file command against /var/log/messages then we see "/var/log/messages: ASCII Pascal program text" ?

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2016-0760.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
25 % CWE-20 Improper Input Validation
12 % CWE-189 Numeric Errors (CWE/SANS Top 25)
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15392
 
Oval ID: oval:org.mitre.oval:def:15392
Title: DSA-2422-1 file -- missing bounds checks
Description: The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File format, leading to crashes. Note that after this update, file may return different detection results for CDF files. The new detections are believed to be more accurate.
Family: unix Class: patch
Reference(s): DSA-2422-1
CVE-2012-1571
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25274
 
Oval ID: oval:org.mitre.oval:def:25274
Title: USN-2278-1 -- file vulnerabilities
Description: File could be made to crash or hang if it processed specially crafted data.
Family: unix Class: patch
Reference(s): USN-2278-1
CVE-2013-7345
CVE-2014-0207
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3538
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26455
 
Oval ID: oval:org.mitre.oval:def:26455
Title: DSA-3021-1 file - security update
Description: Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
Family: unix Class: patch
Reference(s): DSA-3021-1
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3538
CVE-2014-3587
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26893
 
Oval ID: oval:org.mitre.oval:def:26893
Title: ELSA-2014-1767 -- php security update (important)
Description: [5.4.16-23.3] - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 [5.4.16-23.2] - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 - core: fix integer overflow in unserialize() CVE-2014-3669 - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
Family: unix Class: patch
Reference(s): ELSA-2014-1767
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
Version: 3
Platform(s): Oracle Linux 6
Oracle Linux 7
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26957
 
Oval ID: oval:org.mitre.oval:def:26957
Title: ELSA-2014-1768 -- php53 security update (important)
Description: [5.3.3-26] - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 [5.3.3-25] - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 - core: fix integer overflow in unserialize() CVE-2014-3669 - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670
Family: unix Class: patch
Reference(s): ELSA-2014-1768
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
Version: 3
Platform(s): Oracle Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27096
 
Oval ID: oval:org.mitre.oval:def:27096
Title: USN-2369-1 -- file vulnerability
Description: file could be made to crash or run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-2369-1
CVE-2014-3587
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27852
 
Oval ID: oval:org.mitre.oval:def:27852
Title: DSA-3072-1 -- file security update
Description: Francisco Alonso of Red Hat Product Security found an issue in the file utility: when checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
Family: unix Class: patch
Reference(s): DSA-3072-1
CVE-2014-3710
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27986
 
Oval ID: oval:org.mitre.oval:def:27986
Title: DSA-3021-2 -- file regression update
Description: Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.
Family: unix Class: patch
Reference(s): DSA-3021-2
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3538
CVE-2014-3587
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27996
 
Oval ID: oval:org.mitre.oval:def:27996
Title: DSA-3074-2 -- php5 regression update
Description: Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
Family: unix Class: patch
Reference(s): DSA-3074-2
CVE-2014-3710
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28030
 
Oval ID: oval:org.mitre.oval:def:28030
Title: RHSA-2014:1767 -- php security update (Important)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1767
CESA-2014:1767-CentOS 6
CESA-2014:1767-CentOS 7
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28073
 
Oval ID: oval:org.mitre.oval:def:28073
Title: USN-2391-1 -- php5 vulnerabilities
Description: Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3668">CVE-2014-3668</a>) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3669">CVE-2014-3669</a>) Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3670">CVE-2014-3670</a>) Francisco Alonso that PHP incorrectly handled ELF files in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3710">CVE-2014-3710</a>) It was discovered that PHP incorrectly handled NULL bytes when processing certain URLs with the curl functions. A remote attacker could possibly use this issue to bypass filename restrictions and obtain access to sensitive files. (No CVE number)
Family: unix Class: patch
Reference(s): USN-2391-1
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
Version: 5
Platform(s): Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28300
 
Oval ID: oval:org.mitre.oval:def:28300
Title: DEPRECATED: DSA-3074-1 -- php5 security update
Description: Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
Family: unix Class: patch
Reference(s): DSA-3074-1
CVE-2014-3710
Version: 4
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28326
 
Oval ID: oval:org.mitre.oval:def:28326
Title: RHSA-2014:1768 -- php53 security update (Important)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash. (CVE-2014-3669) An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (CVE-2014-3710) An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. (CVE-2014-3668) The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat Product Security. All php53 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1768
CESA-2014:1768
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php53
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28466
 
Oval ID: oval:org.mitre.oval:def:28466
Title: SUSE-SU-2014:1555-1 -- Security update for file (moderate)
Description: file was updated to fix one security issue. This security issue was fixed: - Out-of-bounds read in elf note headers (CVE-2014-3710). This non-security issues was fixed: - Correctly identify GDBM files created by libgdbm4 (bnc#888308).
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1555-1
CVE-2014-3710
Version: 3
Platform(s): SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28468
 
Oval ID: oval:org.mitre.oval:def:28468
Title: SUSE-SU-2014:1473-1 -- Security update for file (moderate)
Description: file was updated to fix one security issue. * An out-of-bounds read flaw file's donote() function. This could possibly lead to file executable crash (CVE-2014-3710). Security Issues: * CVE-2014-3710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1473-1
CVE-2014-3710
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): file
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29238
 
Oval ID: oval:org.mitre.oval:def:29238
Title: DSA-2422-2 -- file -- missing bounds checks
Description: The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes.
Family: unix Class: patch
Reference(s): DSA-2422-2
CVE-2012-1571
Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): file
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 53
Application 14
Application 552
Application 1
Os 4
Os 1
Os 1
Os 1

OpenVAS Exploits

Date Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-14 (file)
File : nvt/glsa_201209_14.nasl
2012-08-03 Name : Mandriva Update for file MDVSA-2012:035 (file)
File : nvt/gb_mandriva_MDVSA_2012_035.nasl
2012-05-31 Name : Debian Security Advisory DSA 2422-2 (file)
File : nvt/deb_2422_2.nasl
2012-03-12 Name : Debian Security Advisory DSA 2422-1 (file)
File : nvt/deb_2422_1.nasl

Snort® IPS/IDS

Date Description
2016-03-14 PHP fileinfo cdf_read_property_info denial of service attempt
RuleID : 36262 - Revision : 3 - Type : SERVER-WEBAPP
2016-03-14 PHP fileinfo cdf_read_property_info denial of service attempt
RuleID : 36261 - Revision : 3 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2017-11-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-3048-1.nasl - Type : ACT_GATHER_INFO
2017-11-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1298.nasl - Type : ACT_GATHER_INFO
2017-02-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16347.nasl - Type : ACT_GATHER_INFO
2017-01-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-42.nasl - Type : ACT_GATHER_INFO
2016-10-05 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1156.nasl - Type : ACT_GATHER_INFO
2016-09-19 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2328-1.nasl - Type : ACT_GATHER_INFO
2016-09-08 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2210-1.nasl - Type : ACT_GATHER_INFO
2016-08-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_70140f20600711e6a6c314dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-06-09 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160510_file_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-05-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0760.nasl - Type : ACT_GATHER_INFO
2016-05-16 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0050.nasl - Type : ACT_GATHER_INFO
2016-05-16 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0760.nasl - Type : ACT_GATHER_INFO
2016-05-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0760.nasl - Type : ACT_GATHER_INFO
2016-01-22 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16875.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_file_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-07-22 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO
2015-05-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1555-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1730-1.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Debian host is missing a security update.
File : debian_DLA-204.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-94.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-86.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-67.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-50.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-145.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-131.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-497.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-08.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2535-1.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3196.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-03.nasl - Type : ACT_GATHER_INFO
2015-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2015-2020.nasl - Type : ACT_GATHER_INFO
2015-02-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2494-1.nasl - Type : ACT_GATHER_INFO
2015-01-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-010.nasl - Type : ACT_GATHER_INFO
2015-01-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3121.nasl - Type : ACT_GATHER_INFO
2015-01-05 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_9575259a92d511e4bce6d050992ecde8.nasl - Type : ACT_GATHER_INFO
2014-12-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-48.nasl - Type : ACT_GATHER_INFO
2014-12-29 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-817.nasl - Type : ACT_GATHER_INFO
2014-11-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-236.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-723.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-453.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-451.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-450.nasl - Type : ACT_GATHER_INFO
2014-11-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3074.nasl - Type : ACT_GATHER_INFO
2014-11-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3072.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1768.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1767.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2391-1.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1767.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1768.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-415.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-398.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-382.nasl - Type : ACT_GATHER_INFO
2014-10-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2369-1.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-09-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-172.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-167.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2344-1.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3021.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9679.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9684.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3008.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-149.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-146.nasl - Type : ACT_GATHER_INFO
2014-07-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2278-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7992.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-221.nasl - Type : ACT_GATHER_INFO
2014-02-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2123-1.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-14.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-035.nasl - Type : ACT_GATHER_INFO
2012-03-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2422.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2016-05-18 13:27:58
  • Multiple Updates
2016-05-17 13:29:41
  • Multiple Updates
2016-05-13 13:29:30
  • Multiple Updates
2016-05-11 00:25:17
  • First insertion