2016-JUL-14 FSL version 7.5.834

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment, McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

20245 - IBM WebSphere Application Server Apache Struts Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-1181, CVE-2016-1182

Description Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server.

Observation IBM WebSphere Application Server is a Java application server.

Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server. The flaws lie in the Apache Struts component. Successful exploitation could allow an attacker to execute arbitrary code.

144735 - SuSE Linux 13.1 openSUSE-SU-2016:1767-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1964, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802, CVE-2016-2806, CVE-2016-2807, CVE-2016-2815, CVE-2016-2818

Description The scan detected that the host is missing the following update: openSUSE-SU-2016:1767-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2016-07/msg00027.html

SuSE Linux 13.1 x86_64 MozillaThunderbird-buildsymbols-45.2-70.83.1 MozillaThunderbird-translations-other-45.2-70.83.1 MozillaThunderbird-debuginfo-45.2-70.83.1 MozillaThunderbird-debugsource-45.2-70.83.1 MozillaThunderbird-45.2-70.83.1 MozillaThunderbird-devel-45.2-70.83.1 MozillaThunderbird-translations-common-45.2-70.83.1 i586 MozillaThunderbird-buildsymbols-45.2-70.83.1 MozillaThunderbird-translations-other-45.2-70.83.1 MozillaThunderbird-debuginfo-45.2-70.83.1 MozillaThunderbird-debugsource-45.2-70.83.1 MozillaThunderbird-45.2-70.83.1 MozillaThunderbird-devel-45.2-70.83.1 MozillaThunderbird-translations-common-45.2-70.83.1

144736 - SuSE SLES 12 SP1 SUSE-SU-2016:1764-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-7566, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8709, CVE-2015-8785, CVE-2015-8812, CVE-2015-8816, CVE-2016-0723, CVE-2016-2143, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-2384, CVE-2016-2782, CVE-2016-3134, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3139, CVE-2016-3140, CVE-2016-3156, CVE-2016-3689, CVE-2016-3707, CVE-2016-3951

Description The scan detected that the host is missing the following update: SUSE-SU-2016:1764-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2016-July/002150.html

SuSE SLES 12 SP1 x86_64 kernel-rt-3.12.58-14.1 kernel-rt-debuginfo-3.12.58-14.1 kernel-rt-base-debuginfo-3.12.58-14.1 kernel-compute_debug-debuginfo-3.12.58-14.1 kernel-rt_debug-devel-3.12.58-14.1 kernel-compute-base-3.12.58-14.1 kernel-compute_debug-devel-debuginfo-3.12.58-14.1 kernel-rt-debugsource-3.12.58-14.1 kernel-compute-devel-3.12.58-14.1 kernel-rt-base-3.12.58-14.1 kernel-rt-devel-3.12.58-14.1 kernel-compute-base-debuginfo-3.12.58-14.1 kernel-compute-debuginfo-3.12.58-14.1 kernel-compute-debugsource-3.12.58-14.1 kernel-rt_debug-debugsource-3.12.58-14.1 kernel-compute_debug-debugsource-3.12.58-14.1 kernel-rt_debug-debuginfo-3.12.58-14.1 kernel-compute_debug-devel-3.12.58-14.1 kernel-rt_debug-devel-debuginfo-3.12.58-14.1 kernel-syms-rt-3.12.58-14.1 kernel-compute-3.12.58-14.1 noarch kernel-devel-rt-3.12.58-14.1 kernel-source-rt-3.12.58-14.1

144738 - SuSE SLES 11 SP4 SUSE-SU-2016:1785-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2014-3615, CVE-2014-3689, CVE-2014-9718, CVE-2015-3214, CVE-2015-5239, CVE-2015-5278, CVE-2015-5279, CVE-2015-5745, CVE-2015-6855, CVE-2015-7295, CVE-2015-7549, CVE-2015-8504, CVE-2015-8558, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2198, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037, CVE-2016-4439, CVE-2016-4441

Description The scan detected that the host is missing the following update: SUSE-SU-2016:1785-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2016-July/002154.html

SuSE SLES 11 SP4 i586 kvm-1.4.2-44.1 x86_64 kvm-1.4.2-44.1

144741 - SuSE Linux 13.2 openSUSE-SU-2016:1778-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1964, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802, CVE-2016-2806, CVE-2016-2807, CVE-2016-2815, CVE-2016-2818

Description The scan detected that the host is missing the following update: openSUSE-SU-2016:1778-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2016-07/msg00038.html

SuSE Linux 13.2 x86_64 MozillaThunderbird-translations-other-45.2-43.1 MozillaThunderbird-debuginfo-45.2-43.1 MozillaThunderbird-45.2-43.1 MozillaThunderbird-translations-common-45.2-43.1 MozillaThunderbird-debugsource-45.2-43.1 MozillaThunderbird-buildsymbols-45.2-43.1 MozillaThunderbird-devel-45.2-43.1 i586 MozillaThunderbird-translations-other-45.2-43.1 MozillaThunderbird-debuginfo-45.2-43.1 MozillaThunderbird-45.2-43.1 MozillaThunderbird-translations-common-45.2-43.1 MozillaThunderbird-debugsource-45.2-43.1 MozillaThunderbird-buildsymbols-45.2-43.1 MozillaThunderbird-devel-45.2-43.1

20317 - (SYM16-010) Symantec Endpoint Protection Multiple Vulnerabilities

Category: Windows Host Assessment -> Anti-Virus Software (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646

Description Multiple vulnerabilities are present in some versions of Symantec Endpoint Protection.

Observation Symantec Endpoint Protection is an all-in-one antivirus software.

Multiple vulnerabilities are present in some versions of Symantec Endpoint Protection. The flaws lie in the Symantec Decomposer Engine. Successful exploitation could allow an attacker to cause a denial of service or perform remote code execution.

20327 - (HPSBGN03569) HPE OneView for VMware vCenter Information Disclosure Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2014-3566, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842

Description Multiple vulnerabilities are present in some versions of HPE OneView for VMware vCenter.

Observation HPE OneView for VMware vCenter manages HPE infrastructure using VMware solutions.

Multiple vulnerabilities are present in some versions of HPE OneView for VMware vCenter. The flaws lie in OpenSSL. Successful exploitation could allow an attacker to retrieve sensitive data or cause a denial of service condition.

178200 - GLSA-201607-02 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2014-8964, CVE-2015-5073, CVE-2015-8380, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395, CVE-2016-1283

Description The scan detected that the host is missing the following update: GLSA-201607-02

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201607-02

Affected packages: dev-libs/libpcre < 8.38-r1

185351 - Ubuntu Linux 12.04, 14.04, 15.10, 16.04 USN-3029-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2016-2834

Description The scan detected that the host is missing the following update: USN-3029-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-July/003496.html

Ubuntu 12.04 libnss3_3.23-0ubuntu0.12.04.1

Ubuntu 16.04 libnss3_3.23-0ubuntu0.16.04.1

Ubuntu 15.10 libnss3_3.23-0ubuntu0.15.10.1

Ubuntu 14.04 libnss3_3.23-0ubuntu0.14.04.1

141220 - Red Hat Enterprise Linux RHSA-2016-1406 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2016-4565

Description The scan detected that the host is missing the following update: RHSA-2016-1406

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/enterprise-watch-list/2016-July/msg00005.html

RHEL6D i386 kernel-debug-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-debug-debuginfo-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-debuginfo-2.6.32-642.3.1.el6 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 perf-debuginfo-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 python-perf-debuginfo-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 noarch kernel-doc-2.6.32-642.3.1.el6 kernel-abi-whitelists-2.6.32-642.3.1.el6 kernel-firmware-2.6.32-642.3.1.el6 x86_64 perf-debuginfo-2.6.32-642.3.1.el6 kernel-debug-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-debuginfo-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6 python-perf-debuginfo-2.6.32-642.3.1.el6 kernel-debug-debuginfo-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6

RHEL6S i386 kernel-debug-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-debug-debuginfo-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-debuginfo-2.6.32-642.3.1.el6 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 perf-debuginfo-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 python-perf-debuginfo-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 noarch kernel-doc-2.6.32-642.3.1.el6 kernel-abi-whitelists-2.6.32-642.3.1.el6 kernel-firmware-2.6.32-642.3.1.el6 x86_64 perf-debuginfo-2.6.32-642.3.1.el6 kernel-debug-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-debuginfo-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6 python-perf-debuginfo-2.6.32-642.3.1.el6 kernel-debug-debuginfo-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6

RHEL6WS i386 kernel-debug-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-debug-debuginfo-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-debuginfo-2.6.32-642.3.1.el6 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 perf-debuginfo-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 python-perf-debuginfo-2.6.32-642.3.1.el6 noarch kernel-doc-2.6.32-642.3.1.el6 kernel-abi-whitelists-2.6.32-642.3.1.el6 kernel-firmware-2.6.32-642.3.1.el6 x86_64 kernel-debug-2.6.32-642.3.1.el6 kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-debug-debuginfo-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-debuginfo-2.6.32-642.3.1.el6 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 perf-debuginfo-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 python-perf-debuginfo-2.6.32-642.3.1.el6

144733 - SuSE Linux 13.1 openSUSE-SU-2016:1766-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: openSUSE-SU-2016:1766-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2016-07/msg00026.html

SuSE Linux 13.1 x86_64 libircclient-doc-1.6-6.3.1 libircclient1-1.6-6.3.1 libircclient-devel-1.6-6.3.1 i586 libircclient-doc-1.6-6.3.1 libircclient1-1.6-6.3.1 libircclient-devel-1.6-6.3.1

144734 - SuSE Linux 13.2 openSUSE-SU-2016:1761-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-8935, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773

Description The scan detected that the host is missing the following update: openSUSE-SU-2016:1761-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2016-07/msg00023.html

SuSE Linux 13.2 i586 php5-suhosin-5.6.1-69.1 php5-xmlwriter-5.6.1-69.1 php5-mcrypt-debuginfo-5.6.1-69.1 php5-devel-5.6.1-69.1 php5-pcntl-5.6.1-69.1 php5-fileinfo-debuginfo-5.6.1-69.1 php5-shmop-debuginfo-5.6.1-69.1 apache2-mod_php5-debuginfo-5.6.1-69.1 php5-ftp-debuginfo-5.6.1-69.1 php5-sockets-5.6.1-69.1 php5-5.6.1-69.1 php5-ldap-5.6.1-69.1 php5-gmp-5.6.1-69.1 php5-snmp-debuginfo-5.6.1-69.1 php5-calendar-5.6.1-69.1 php5-sysvmsg-5.6.1-69.1 php5-pdo-5.6.1-69.1 php5-xsl-5.6.1-69.1 php5-curl-5.6.1-69.1 php5-ctype-5.6.1-69.1 php5-dom-debuginfo-5.6.1-69.1 php5-intl-debuginfo-5.6.1-69.1 php5-mssql-debuginfo-5.6.1-69.1 php5-suhosin-debuginfo-5.6.1-69.1 php5-openssl-5.6.1-69.1 php5-sysvsem-debuginfo-5.6.1-69.1 php5-mbstring-debuginfo-5.6.1-69.1 php5-gettext-debuginfo-5.6.1-69.1 php5-calendar-debuginfo-5.6.1-69.1 php5-exif-5.6.1-69.1 php5-sysvshm-5.6.1-69.1 php5-pspell-5.6.1-69.1 php5-ldap-debuginfo-5.6.1-69.1 php5-pdo-debuginfo-5.6.1-69.1 php5-curl-debuginfo-5.6.1-69.1 php5-pspell-debuginfo-5.6.1-69.1 php5-mbstring-5.6.1-69.1 php5-shmop-5.6.1-69.1 php5-tokenizer-debuginfo-5.6.1-69.1 php5-wddx-debuginfo-5.6.1-69.1 php5-tidy-debuginfo-5.6.1-69.1 php5-wddx-5.6.1-69.1 php5-xmlrpc-debuginfo-5.6.1-69.1 php5-sqlite-5.6.1-69.1 php5-sysvmsg-debuginfo-5.6.1-69.1 php5-enchant-5.6.1-69.1 php5-fileinfo-5.6.1-69.1 php5-sqlite-debuginfo-5.6.1-69.1 php5-pgsql-debuginfo-5.6.1-69.1 php5-bz2-debuginfo-5.6.1-69.1 php5-ftp-5.6.1-69.1 php5-zip-debuginfo-5.6.1-69.1 php5-fastcgi-5.6.1-69.1 php5-enchant-debuginfo-5.6.1-69.1 php5-firebird-debuginfo-5.6.1-69.1 php5-imap-5.6.1-69.1 php5-readline-5.6.1-69.1 php5-soap-5.6.1-69.1 php5-debugsource-5.6.1-69.1 php5-gd-debuginfo-5.6.1-69.1 php5-intl-5.6.1-69.1 php5-mcrypt-5.6.1-69.1 php5-odbc-debuginfo-5.6.1-69.1 php5-readline-debuginfo-5.6.1-69.1 php5-dom-5.6.1-69.1 php5-tokenizer-5.6.1-69.1 php5-imap-debuginfo-5.6.1-69.1 php5-firebird-5.6.1-69.1 php5-phar-debuginfo-5.6.1-69.1 php5-pgsql-5.6.1-69.1 apache2-mod_php5-5.6.1-69.1 php5-odbc-5.6.1-69.1 
php5-zlib-5.6.1-69.1 php5-mssql-5.6.1-69.1 php5-gmp-debuginfo-5.6.1-69.1 php5-fastcgi-debuginfo-5.6.1-69.1 php5-sysvsem-5.6.1-69.1 php5-zlib-debuginfo-5.6.1-69.1 php5-fpm-5.6.1-69.1 php5-gettext-5.6.1-69.1 php5-posix-debuginfo-5.6.1-69.1 php5-sysvshm-debuginfo-5.6.1-69.1 php5-json-debuginfo-5.6.1-69.1 php5-bcmath-5.6.1-69.1 php5-dba-5.6.1-69.1 php5-gd-5.6.1-69.1 php5-xmlrpc-5.6.1-69.1 php5-ctype-debuginfo-5.6.1-69.1 php5-xsl-debuginfo-5.6.1-69.1 php5-exif-debuginfo-5.6.1-69.1 php5-tidy-5.6.1-69.1 php5-fpm-debuginfo-5.6.1-69.1 php5-iconv-5.6.1-69.1 php5-opcache-5.6.1-69.1 php5-sockets-debuginfo-5.6.1-69.1 php5-json-5.6.1-69.1 php5-phar-5.6.1-69.1 php5-xmlreader-5.6.1-69.1 php5-mysql-debuginfo-5.6.1-69.1 php5-dba-debuginfo-5.6.1-69.1 php5-pcntl-debuginfo-5.6.1-69.1 php5-iconv-debuginfo-5.6.1-69.1 php5-debuginfo-5.6.1-69.1 php5-openssl-debuginfo-5.6.1-69.1 php5-posix-5.6.1-69.1 php5-mysql-5.6.1-69.1 php5-snmp-5.6.1-69.1 php5-zip-5.6.1-69.1 php5-xmlwriter-debuginfo-5.6.1-69.1 php5-opcache-debuginfo-5.6.1-69.1 php5-bcmath-debuginfo-5.6.1-69.1 php5-xmlreader-debuginfo-5.6.1-69.1 php5-soap-debuginfo-5.6.1-69.1 php5-bz2-5.6.1-69.1 noarch php5-pear-5.6.1-69.1 x86_64 php5-suhosin-5.6.1-69.1 php5-xmlwriter-5.6.1-69.1 php5-mcrypt-debuginfo-5.6.1-69.1 php5-devel-5.6.1-69.1 php5-pcntl-5.6.1-69.1 php5-fileinfo-debuginfo-5.6.1-69.1 php5-shmop-debuginfo-5.6.1-69.1 apache2-mod_php5-debuginfo-5.6.1-69.1 php5-ftp-debuginfo-5.6.1-69.1 php5-sockets-5.6.1-69.1 php5-5.6.1-69.1 php5-ldap-5.6.1-69.1 php5-gmp-5.6.1-69.1 php5-snmp-debuginfo-5.6.1-69.1 php5-calendar-5.6.1-69.1 php5-sysvmsg-5.6.1-69.1 php5-pdo-5.6.1-69.1 php5-xsl-5.6.1-69.1 php5-curl-5.6.1-69.1 php5-ctype-5.6.1-69.1 php5-dom-debuginfo-5.6.1-69.1 php5-intl-debuginfo-5.6.1-69.1 php5-mssql-debuginfo-5.6.1-69.1 php5-suhosin-debuginfo-5.6.1-69.1 php5-openssl-5.6.1-69.1 php5-sysvsem-debuginfo-5.6.1-69.1 php5-mbstring-debuginfo-5.6.1-69.1 php5-gettext-debuginfo-5.6.1-69.1 php5-calendar-debuginfo-5.6.1-69.1 php5-exif-5.6.1-69.1 
php5-sysvshm-5.6.1-69.1 php5-pspell-5.6.1-69.1 php5-ldap-debuginfo-5.6.1-69.1 php5-pdo-debuginfo-5.6.1-69.1 php5-curl-debuginfo-5.6.1-69.1 php5-pspell-debuginfo-5.6.1-69.1 php5-mbstring-5.6.1-69.1 php5-shmop-5.6.1-69.1 php5-tokenizer-debuginfo-5.6.1-69.1 php5-wddx-debuginfo-5.6.1-69.1 php5-tidy-debuginfo-5.6.1-69.1 php5-wddx-5.6.1-69.1 php5-xmlrpc-debuginfo-5.6.1-69.1 php5-sqlite-5.6.1-69.1 php5-sysvmsg-debuginfo-5.6.1-69.1 php5-enchant-5.6.1-69.1 php5-fileinfo-5.6.1-69.1 php5-sqlite-debuginfo-5.6.1-69.1 php5-pgsql-debuginfo-5.6.1-69.1 php5-bz2-debuginfo-5.6.1-69.1 php5-ftp-5.6.1-69.1 php5-zip-debuginfo-5.6.1-69.1 php5-fastcgi-5.6.1-69.1 php5-enchant-debuginfo-5.6.1-69.1 php5-firebird-debuginfo-5.6.1-69.1 php5-imap-5.6.1-69.1 php5-readline-5.6.1-69.1 php5-soap-5.6.1-69.1 php5-debugsource-5.6.1-69.1 php5-gd-debuginfo-5.6.1-69.1 php5-intl-5.6.1-69.1 php5-mcrypt-5.6.1-69.1 php5-odbc-debuginfo-5.6.1-69.1 php5-readline-debuginfo-5.6.1-69.1 php5-dom-5.6.1-69.1 php5-tokenizer-5.6.1-69.1 php5-imap-debuginfo-5.6.1-69.1 php5-firebird-5.6.1-69.1 php5-phar-debuginfo-5.6.1-69.1 php5-pgsql-5.6.1-69.1 apache2-mod_php5-5.6.1-69.1 php5-odbc-5.6.1-69.1 php5-zlib-5.6.1-69.1 php5-mssql-5.6.1-69.1 php5-gmp-debuginfo-5.6.1-69.1 php5-fastcgi-debuginfo-5.6.1-69.1 php5-sysvsem-5.6.1-69.1 php5-zlib-debuginfo-5.6.1-69.1 php5-fpm-5.6.1-69.1 php5-gettext-5.6.1-69.1 php5-posix-debuginfo-5.6.1-69.1 php5-sysvshm-debuginfo-5.6.1-69.1 php5-json-debuginfo-5.6.1-69.1 php5-bcmath-5.6.1-69.1 php5-dba-5.6.1-69.1 php5-gd-5.6.1-69.1 php5-xmlrpc-5.6.1-69.1 php5-ctype-debuginfo-5.6.1-69.1 php5-xsl-debuginfo-5.6.1-69.1 php5-exif-debuginfo-5.6.1-69.1 php5-tidy-5.6.1-69.1 php5-fpm-debuginfo-5.6.1-69.1 php5-iconv-5.6.1-69.1 php5-opcache-5.6.1-69.1 php5-sockets-debuginfo-5.6.1-69.1 php5-json-5.6.1-69.1 php5-phar-5.6.1-69.1 php5-xmlreader-5.6.1-69.1 php5-mysql-debuginfo-5.6.1-69.1 php5-dba-debuginfo-5.6.1-69.1 php5-pcntl-debuginfo-5.6.1-69.1 php5-iconv-debuginfo-5.6.1-69.1 php5-debuginfo-5.6.1-69.1 
php5-openssl-debuginfo-5.6.1-69.1 php5-posix-5.6.1-69.1 php5-mysql-5.6.1-69.1 php5-snmp-5.6.1-69.1 php5-zip-5.6.1-69.1 php5-xmlwriter-debuginfo-5.6.1-69.1 php5-opcache-debuginfo-5.6.1-69.1 php5-bcmath-debuginfo-5.6.1-69.1 php5-xmlreader-debuginfo-5.6.1-69.1 php5-soap-debuginfo-5.6.1-69.1 php5-bz2-5.6.1-69.1

144737 - SuSE SLES 12 SP1, SLED 12 SP1 SUSE-SU-2016:1784-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2014-9805, CVE-2014-9806, CVE-2014-9807, CVE-2014-9808, CVE-2014-9809, CVE-2014-9810, CVE-2014-9811, CVE-2014-9812, CVE-2014-9813, CVE-2014-9814, CVE-2014-9815, CVE-2014-9816, CVE-2014-9817, CVE-2014-9818, CVE-2014-9819, CVE-2014-9820, CVE-2014-9821, CVE-2014-9822, CVE-2014-9823, CVE-2014-9824, CVE-2014-9825, CVE-2014-9826, CVE-2014-9828, CVE-2014-9829, CVE-2014-9830, CVE-2014-9831, CVE-2014-9832, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835, CVE-2014-9836, CVE-2014-9837, CVE-2014-9838, CVE-2014-9839, CVE-2014-9840, CVE-2014-9841, CVE-2014-9842, CVE-2014-9843, CVE-2014-9844, CVE-2014-9845, CVE-2014-9846, CVE-2014-9847, CVE-2014-9848, CVE-2014-9849, CVE-2014-9850, CVE-2014-9851, CVE-2014-9852, CVE-2014-9853, CVE-2014-9854, CVE-2015-8894, CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, CVE-2015-8900, CVE-2015-8901, CVE-2015-8902, CVE-2015-8903, CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842

Description The scan detected that the host is missing the following update: SUSE-SU-2016:1784-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2016-July/002153.html

SuSE SLES 12 SP1 x86_64 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.2 ImageMagick-debugsource-6.8.8.1-30.2 ImageMagick-debuginfo-6.8.8.1-30.2 libMagickWand-6_Q16-1-6.8.8.1-30.2 libMagickCore-6_Q16-1-6.8.8.1-30.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.2

SuSE SLED 12 SP1 x86_64 libMagick++-6_Q16-3-debuginfo-6.8.8.1-30.2 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-30.2 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-30.2 ImageMagick-debugsource-6.8.8.1-30.2 ImageMagick-debuginfo-6.8.8.1-30.2 libMagickWand-6_Q16-1-6.8.8.1-30.2 libMagick++-6_Q16-3-6.8.8.1-30.2 ImageMagick-6.8.8.1-30.2 libMagickCore-6_Q16-1-6.8.8.1-30.2 libMagickCore-6_Q16-1-32bit-6.8.8.1-30.2 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-30.2

144739 - SuSE Linux 13.2 openSUSE-SU-2016:1748-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2014-9805, CVE-2014-9806, CVE-2014-9807, CVE-2014-9808, CVE-2014-9809, CVE-2014-9810, CVE-2014-9811, CVE-2014-9812, CVE-2014-9813, CVE-2014-9814, CVE-2014-9815, CVE-2014-9816, CVE-2014-9817, CVE-2014-9818, CVE-2014-9819, CVE-2014-9820, CVE-2014-9821, CVE-2014-9822, CVE-2014-9823, CVE-2014-9824, CVE-2014-9825, CVE-2014-9826, CVE-2014-9828, CVE-2014-9829, CVE-2014-9830, CVE-2014-9831, CVE-2014-9832, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835, CVE-2014-9836, CVE-2014-9837, CVE-2014-9838, CVE-2014-9839, CVE-2014-9840, CVE-2014-9841, CVE-2014-9842, CVE-2014-9843, CVE-2014-9844, CVE-2014-9845, CVE-2014-9846, CVE-2014-9847, CVE-2014-9848, CVE-2014-9849, CVE-2014-9850, CVE-2014-9851, CVE-2014-9852, CVE-2014-9853, CVE-2014-9854, CVE-2015-8894, CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, CVE-2015-8900, CVE-2015-8901, CVE-2015-8902, CVE-2015-8903, CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842

Description The scan detected that the host is missing the following update: openSUSE-SU-2016:1748-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2016-07/msg00018.html

SuSE Linux 13.2 i586 ImageMagick-extra-debuginfo-6.8.9.8-26.1 ImageMagick-6.8.9.8-26.1 libMagick++-6_Q16-5-6.8.9.8-26.1 ImageMagick-devel-6.8.9.8-26.1 ImageMagick-extra-6.8.9.8-26.1 ImageMagick-debuginfo-6.8.9.8-26.1 libMagickWand-6_Q16-2-6.8.9.8-26.1 perl-PerlMagick-debuginfo-6.8.9.8-26.1 libMagickCore-6_Q16-2-6.8.9.8-26.1 libMagickWand-6_Q16-2-debuginfo-6.8.9.8-26.1 perl-PerlMagick-6.8.9.8-26.1 ImageMagick-debugsource-6.8.9.8-26.1 libMagick++-6_Q16-5-debuginfo-6.8.9.8-26.1 libMagickCore-6_Q16-2-debuginfo-6.8.9.8-26.1 libMagick++-devel-6.8.9.8-26.1 noarch ImageMagick-doc-6.8.9.8-26.1 x86_64 ImageMagick-extra-debuginfo-6.8.9.8-26.1 ImageMagick-6.8.9.8-26.1 libMagick++-6_Q16-5-32bit-6.8.9.8-26.1 libMagick++-6_Q16-5-6.8.9.8-26.1 ImageMagick-devel-6.8.9.8-26.1 libMagickWand-6_Q16-2-debuginfo-32bit-6.8.9.8-26.1 ImageMagick-extra-6.8.9.8-26.1 ImageMagick-debuginfo-6.8.9.8-26.1 libMagickWand-6_Q16-2-6.8.9.8-26.1 ImageMagick-devel-32bit-6.8.9.8-26.1 libMagickCore-6_Q16-2-debuginfo-32bit-6.8.9.8-26.1 perl-PerlMagick-debuginfo-6.8.9.8-26.1 libMagickCore-6_Q16-2-6.8.9.8-26.1 libMagickWand-6_Q16-2-debuginfo-6.8.9.8-26.1 perl-PerlMagick-6.8.9.8-26.1 ImageMagick-debugsource-6.8.9.8-26.1 libMagickCore-6_Q16-2-32bit-6.8.9.8-26.1 libMagick++-devel-32bit-6.8.9.8-26.1 libMagick++-6_Q16-5-debuginfo-6.8.9.8-26.1 libMagickCore-6_Q16-2-debuginfo-6.8.9.8-26.1 libMagick++-devel-6.8.9.8-26.1 libMagickWand-6_Q16-2-32bit-6.8.9.8-26.1 libMagick++-6_Q16-5-debuginfo-32bit-6.8.9.8-26.1

144740 - SuSE SLES 11 SP4 SUSE-SU-2016:1782-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2014-9805, CVE-2014-9806, CVE-2014-9807, CVE-2014-9808, CVE-2014-9809, CVE-2014-9810, CVE-2014-9811, CVE-2014-9812, CVE-2014-9813, CVE-2014-9814, CVE-2014-9815, CVE-2014-9816, CVE-2014-9817, CVE-2014-9818, CVE-2014-9819, CVE-2014-9820, CVE-2014-9822, CVE-2014-9823, CVE-2014-9824, CVE-2014-9826, CVE-2014-9828, CVE-2014-9829, CVE-2014-9830, CVE-2014-9831, CVE-2014-9834, CVE-2014-9835, CVE-2014-9836, CVE-2014-9837, CVE-2014-9838, CVE-2014-9839, CVE-2014-9840, CVE-2014-9842, CVE-2014-9844, CVE-2014-9845, CVE-2014-9846, CVE-2014-9847, CVE-2014-9849, CVE-2014-9851, CVE-2014-9853, CVE-2014-9854, CVE-2015-8894, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, CVE-2015-8901, CVE-2015-8902, CVE-2015-8903, CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842

Description The scan detected that the host is missing the following update: SUSE-SU-2016:1782-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2016-July/002151.html

SuSE SLES 11 SP4 i586 libMagickCore1-6.4.3.6-7.45.1 x86_64 libMagickCore1-6.4.3.6-7.45.1 libMagickCore1-32bit-6.4.3.6-7.45.1

160118 - CentOS 6 CESA-2016-1406 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2016-4565

Description The scan detected that the host is missing the following update: CESA-2016-1406

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2016-July/021977.html

CentOS 6 i686 kernel-debug-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 noarch kernel-doc-2.6.32-642.3.1.el6 kernel-abi-whitelists-2.6.32-642.3.1.el6 kernel-firmware-2.6.32-642.3.1.el6 x86_64 kernel-debug-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6

163116 - Oracle Enterprise Linux ELSA-2016-1406 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2016-4565

Description The scan detected that the host is missing the following update: ELSA-2016-1406

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2016-July/006194.html

OEL6 x86_64 kernel-debug-2.6.32-642.3.1.el6 kernel-doc-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 kernel-abi-whitelists-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 kernel-firmware-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6 i386 kernel-debug-2.6.32-642.3.1.el6 kernel-doc-2.6.32-642.3.1.el6 kernel-headers-2.6.32-642.3.1.el6 kernel-abi-whitelists-2.6.32-642.3.1.el6 kernel-devel-2.6.32-642.3.1.el6 kernel-2.6.32-642.3.1.el6 python-perf-2.6.32-642.3.1.el6 kernel-firmware-2.6.32-642.3.1.el6 perf-2.6.32-642.3.1.el6 kernel-debug-devel-2.6.32-642.3.1.el6

178201 - Gentoo Linux GLSA-201607-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2014-6270, CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, CVE-2016-3947, CVE-2016-3948, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556

Description The scan detected that the host is missing the following update: GLSA-201607-01

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201607-01

Affected packages: net-proxy/squid < 3.5.19

20251 - IBM WebSphere Application Server HTTP Response Splitting Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2016-0359

Description A vulnerability is present in some versions of IBM WebSphere Application Server.

Observation IBM WebSphere Application Server is a Java EE application server.

A vulnerability is present in some versions of IBM WebSphere Application Server. The flaw lies in the HTTP server component. Successful exploitation could allow an attacker to conduct an HTTP response splitting attack allowing him to perform further attacks and possibly affect confidentiality.

20252 - IBM WebSphere Application Server Liberty Profile HTTP Response Splitting Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2016-0359

Description A vulnerability is present in some versions of IBM WebSphere Application Server Liberty Profile.

Observation IBM WebSphere Application Server Liberty Profile is a Java EE application server.

A vulnerability is present in some versions of IBM WebSphere Application Server Liberty Profile. The flaw lies in the HTTP server component. Successful exploitation could allow an attacker to conduct an HTTP response splitting attack allowing him to perform further attacks and possibly affect confidentiality.

141219 - Red Hat Enterprise Linux RHSA-2016-1392 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-2818

Description The scan detected that the host is missing the following update: RHSA-2016-1392

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/enterprise-watch-list/2016-July/msg00003.html

RHEL6S i386 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8 x86_64 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8

RHEL6WS x86_64 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8 i386 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8

RHEL5D x86_64 thunderbird-45.2-1.el5_11 thunderbird-debuginfo-45.2-1.el5_11 i386 thunderbird-45.2-1.el5_11 thunderbird-debuginfo-45.2-1.el5_11

RHEL7D x86_64 thunderbird-45.2-1.el7_2 thunderbird-debuginfo-45.2-1.el7_2

RHEL6D x86_64 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8 i386 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8

RHEL7WS x86_64 thunderbird-45.2-1.el7_2 thunderbird-debuginfo-45.2-1.el7_2

160119 - CentOS 5, 6, 7 CESA-2016-1392 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-2818

Description The scan detected that the host is missing the following update: CESA-2016-1392

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2016-July/021956.html http://lists.centos.org/pipermail/centos-announce/2016-July/021955.html http://lists.centos.org/pipermail/centos-announce/2016-July/021959.html

CentOS 6 x86_64 thunderbird-45.2-1.el6.centos i686 thunderbird-45.2-1.el6.centos

CentOS 7 x86_64 thunderbird-45.2-1.el7.centos

CentOS 5 x86_64 thunderbird-45.2-1.el5.centos i386 thunderbird-45.2-1.el5.centos

163115 - Oracle Enterprise Linux ELSA-2016-1392 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-2818

Description The scan detected that the host is missing the following update: ELSA-2016-1392

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2016-July/006176.html http://oss.oracle.com/pipermail/el-errata/2016-July/006177.html

OEL7 x86_64 thunderbird-45.2-1.0.1.el7_2

OEL6 x86_64 thunderbird-45.2-1.0.1.el6_8 i386 thunderbird-45.2-1.0.1.el6_8

174983 - Scientific Linux Security ERRATA Moderate: ocaml on SL7.x x86_64 (1607-75)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2015-8869

Description The scan detected that the host is missing the following update: Security ERRATA Moderate: ocaml on SL7.x x86_64 (1607-75)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1607&L=scientific-linux-errata&F=&S=&P=75

SL7 x86_64 graphviz-ocaml-2.30.1-19.el7 ocaml-libguestfs-devel-1.28.1-1.18.el7 graphviz-tcl-2.30.1-19.el7 tcl-brlapi-0.6.0-9.el7 graphviz-ruby-2.30.1-19.el7 ocaml-calendar-2.03.2-5.el7 ocaml-xml-light-2.3-0.6.svn234.el7 graphviz-perl-2.30.1-19.el7 graphviz-devel-2.30.1-19.el7 ocaml-hivex-devel-1.3.10-5.7.sl7 brlapi-devel-0.6.0-9.el7 graphviz-guile-2.30.1-19.el7 ruby-hivex-1.3.10-5.7.sl7 ocaml-curses-devel-1.0.3-18.el7 brltty-docs-4.5-9.el7 graphviz-lua-2.30.1-19.el7 brltty-4.5-9.el7 hivex-1.3.10-5.7.sl7 graphviz-java-2.30.1-19.el7 ocaml-camlp4-4.01.0-22.7.el7_2 ocaml-4.01.0-22.7.el7_2 graphviz-2.30.1-19.el7 ocaml-libvirt-0.6.1.2-10.el7 ocaml-source-4.01.0-22.7.el7_2 brlapi-java-0.6.0-9.el7 ocaml-docs-4.01.0-22.7.el7_2 graphviz-python-2.30.1-19.el7 ocaml-csv-1.2.3-6.el7 graphviz-graphs-2.30.1-19.el7 python-brlapi-0.6.0-9.el7 ocaml-findlib-devel-1.3.3-6.el7 ocaml-debuginfo-4.01.0-22.7.el7_2 ocaml-runtime-4.01.0-22.7.el7_2 python-hivex-1.3.10-5.7.sl7 ocaml-extlib-1.5.3-5.el7 ocaml-fileutils-devel-0.4.4-7.el7 ocaml-compiler-libs-4.01.0-22.7.el7_2 graphviz--2.30.1-19.el7 ocaml-x11-4.01.0-22.7.el7_2 graphviz-doc-2.30.1-19.el7 ocaml-xml-light-devel-2.3-0.6.svn234.el7 ocaml-labltk-4.01.0-22.7.el7_2 ocaml-extlib-devel-1.5.3-5.el7 brltty-at-spi-4.5-9.el7 ocaml-calendar-devel-2.03.2-5.el7 ocaml-hivex-1.3.10-5.7.sl7 ocaml-labltk-devel-4.01.0-22.7.el7_2 ocaml-gettext-0.3.4-13.el7 brltty-xw-4.5-9.el7 ocaml-emacs-4.01.0-22.7.el7_2 ocaml-camlp4-devel-4.01.0-22.7.el7_2 brlapi-0.6.0-9.el7 ocaml-csv-devel-1.2.3-6.el7 ocaml-libvirt-devel-0.6.1.2-10.el7 ocaml-fileutils-0.4.4-7.el7 perl-hivex-1.3.10-5.7.sl7 hivex-devel-1.3.10-5.7.sl7 ocaml-ocamldoc-4.01.0-22.7.el7_2 ocaml-gettext-devel-0.3.4-13.el7 ocaml-brlapi-0.6.0-9.el7 ocaml-findlib-1.3.3-6.el7 graphviz-gd-2.30.1-19.el7 ocaml-curses-1.0.3-18.el7 ocaml-labltk-devel-4.01.0-22.2.el7

174984 - Scientific Linux Security ERRATA Important: thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (1607-390)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2016-2818

Description The scan detected that the host is missing the following update: Security ERRATA Important: thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (1607-390)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1607&L=scientific-linux-errata&F=&S=&P=390

SL5 x86_64 thunderbird-45.2-1.el5_11 thunderbird-debuginfo-45.2-1.el5_11 i386 thunderbird-45.2-1.el5_11 thunderbird-debuginfo-45.2-1.el5_11

SL7 x86_64 thunderbird-45.2-1.el7_2 thunderbird-debuginfo-45.2-1.el7_2

SL6 x86_64 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8 i386 thunderbird-debuginfo-45.2-1.el6_8 thunderbird-45.2-1.el6_8

182011 - FreeBSD quassel Remote Denial Of Service (7d64d00c-43e3-11e6-ab34-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-4414

Description The scan detected that the host is missing the following update: quassel -- remote denial of service (7d64d00c-43e3-11e6-ab34-002590263bf5)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/7d64d00c-43e3-11e6-ab34-002590263bf5.html

Affected packages: quassel < 0.12.4

130534 - Linux 8.0 DSA-3617-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3219, CVE-2016-4428

Description The scan detected that the host is missing the following update: DSA-3617-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2016/dsa-3617

Debian 8.0 all python-django-horizon_2014.1.3-7+deb8u2 openstack-dashboard-apache_2014.1.3-7+deb8u2 openstack-dashboard_2014.1.3-7+deb8u2

88789 - Slackware Linux 14.0, 14.1, 14.2 SSA:2016-189-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Low CVE: CVE-2016-2119

Description The scan detected that the host is missing the following update: SSA:2016-189-01

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.447238

Slackware 14.0 x86_64 samba-4.2.14-x86_64-1

Slackware 14.2 x86_64 samba-4.4.5-x86_64-1 i586 samba-4.4.5-i586-1

Slackware 14.1 x86_64 samba-4.2.14-x86_64-1

182009 - FreeBSD ruby-saml XML Signature Wrapping Attack (3fcd52b2-4510-11e6-a15f-00248c0c745d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2016-5697

Description The scan detected that the host is missing the following update: ruby-saml -- XML signature wrapping attack (3fcd52b2-4510-11e6-a15f-00248c0c745d)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/3fcd52b2-4510-11e6-a15f-00248c0c745d.html

Affected packages: rubygem-ruby-saml < 1.3.0

182010 - FreeBSD samba Client Side SMB2/3 Required Signing Can Be Downgraded (4729c849-4897-11e6-b704-000c292e4fd8)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2016-2119

Description The scan detected that the host is missing the following update: samba -- client side SMB2/3 required signing can be downgraded (4729c849-4897-11e6-b704-000c292e4fd8)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/4729c849-4897-11e6-b704-000c292e4fd8.html

Affected packages:
4.0.0 <= samba4 <= 4.0.26
4.1.0 <= samba41 <= 4.1.23
4.2.0 <= samba42 < 4.2.14
4.3.0 <= samba43 < 4.3.11
4.4.0 <= samba44 < 4.4.5

185348 - Ubuntu Linux 12.04, 14.04, 15.10, 16.04 USN-3028-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2016-1951

Description The scan detected that the host is missing the following update: USN-3028-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-July/003495.html

Ubuntu 12.04 libnspr4_4.12-0ubuntu0.12.04.1

Ubuntu 16.04 libnspr4_4.12-0ubuntu0.16.04.1

Ubuntu 15.10 libnspr4_4.12-0ubuntu0.15.10.1

Ubuntu 14.04 libnspr4_4.12-0ubuntu0.14.04.1

185349 - Ubuntu Linux 16.04 USN-3027-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2016-3092

Description The scan detected that the host is missing the following update: USN-3027-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-July/003491.html

Ubuntu 16.04 tomcat8_8.0.32-1ubuntu1.1

185350 - Ubuntu Linux 12.04, 14.04, 15.10 USN-3031-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323

Description The scan detected that the host is missing the following update: USN-3031-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-July/003497.html

Ubuntu 12.04 libpurple0_2.10.3-0ubuntu1.7

Ubuntu 15.10 libpurple0_2.10.11-0ubuntu4.2

Ubuntu 14.04 libpurple0_2.10.9-0ubuntu3.3

185352 - Ubuntu Linux 12.04, 14.04, 15.10, 16.04 USN-3030-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2013-7456, CVE-2016-5116, CVE-2016-5766, CVE-2016-6128, CVE-2016-6161

Description The scan detected that the host is missing the following update: USN-3030-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-July/003494.html

Ubuntu 12.04 libgd2-noxpm_2.0.36~rc1~dfsg-6ubuntu2.2 libgd2-xpm_2.0.36~rc1~dfsg-6ubuntu2.2

Ubuntu 16.04 libgd3_2.1.1-4ubuntu0.16.04.2

Ubuntu 15.10 libgd3_2.1.1-4ubuntu0.15.10.2

Ubuntu 14.04 libgd3_2.1.0-3ubuntu0.2

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.

16914 - Oracle WebLogic Server Critical Patch Update July 2014

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2013-5855, CVE-2014-2479, CVE-2014-2480, CVE-2014-2481, CVE-2014-4201, CVE-2014-4202, CVE-2014-4210, CVE-2014-4217, CVE-2014-4241, CVE-2014-4242, CVE-2014-4253, CVE-2014-4254, CVE-2014-4255, CVE-2014-4256, CVE-2014-4267

Update Details FASLScript is updated

17289 - Oracle WebLogic Server Critical Patch Update October 2014

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2014-0114, CVE-2014-6534

Update Details FASLScript is updated

15023 - HP Multiple LaserJet Printers Information Disclosure Vulnerability

Category: General Vulnerability Assessment -> NonIntrusive -> Printers and Print Servers Risk Level: Medium CVE: CVE-2012-5221

Update Details FASLScript is updated

16140 - (HPSBPI02938) HP LaserJet Printers Denial of Service Vulnerability

Category: General Vulnerability Assessment -> NonIntrusive -> Printers and Print Servers Risk Level: Medium CVE: CVE-2013-6193

Update Details FASLScript is updated

17661 - Oracle WebLogic Server Critical Patch Update January 2015

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2013-2186, CVE-2014-6569

Update Details FASLScript is updated

18207 - Oracle WebLogic Server Critical Patch Update April 2015

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-0449, CVE-2015-0482

Update Details FASLScript is updated

18686 - Oracle WebLogic Server Critical Patch Update July 2015

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-2623, CVE-2015-4744

Update Details FASLScript is updated

15116 - (SOL13400) F5 BIG-IP SSL/TLS BEAST Vulnerability

Category: SSH Module -> NonIntrusive -> F5 Risk Level: Medium CVE: CVE-2011-3389, CVE-2012-1870

Update Details Description is updated Observation is updated Documentation is updated

181743 - FreeBSD qemu Denial Of Service Vulnerability In Q35 Chipset Emulation (152acff3-b1bd-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8666

Update Details FASLScript is updated

181829 - FreeBSD qemu Denial Of Service Vulnerability In Human Monitor Interface Support (62ab8707-b1bc-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8619

Update Details FASLScript is updated

181835 - FreeBSD qemu Denial Of Service Vulnerability In MegaRAID SAS HBA Emulation (b3f9f8ef-b1bb-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8613

Update Details FASLScript is updated

181838 - FreeBSD qemu Denial Of Service Vulnerability In VMWARE VMXNET3 NIC Support (9ad8993e-b1ba-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8567, CVE-2015-8568

Update Details FASLScript is updated

181839 - FreeBSD qemu Denial Of Service Vulnerabilities In Eepro100 NIC Support (b56fe6bb-b1b1-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8345

Update Details FASLScript is updated

181840 - FreeBSD qemu Denial Of Service Vulnerability In Rocker Switch Emulation (1384f2fd-b1be-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8701

Update Details FASLScript is updated

14347 - Microsoft .NET Framework Obsolete Version Detection

Category: Windows Host Assessment -> EOL and Obsolete Software (CATEGORY REQUIRES CREDENTIALS) Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

51049 - Oracle Solaris Locked User Account

Category: SSH Module -> NonIntrusive -> Solaris Security Policy/Options Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

70078 - hp-laserjet.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com/
Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html
Non-US customers - Select your country from the list of Worldwide Offices.

Copyright 2016 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates