Medium: krb5
Issue Overview: Authentication bypass by improper validation of certificate EKU and SAN An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to...
Low: libvpx
Issue Overview: Denial of service (DoS) in vpx/src/vpx_image.c file A vulnerability in the Android media framework (libvpx) related to odd frame width. CVE-2017-13194 Affected Packages: libvpx Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
Medium: golang
Issue Overview: Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points t...
Medium: libvncserver
Issue Overview: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or...
Amazon Linux 2 : openssl (ALAS-2018-1004)
bn_sqrx8x_internal carry bug on x86_64 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to...
Amazon Linux 2 : PackageKit (ALAS-2018-1006)
Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable...
Amazon Linux AMI : python34 / python35,python36,python27 (ALAS-2018-1003)
DOS via regular expression catastrophic backtracking in apop method in pop3lib A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. CVE-2018-1060 DOS via regular expression backtracking...
Amazon Linux 2 : pcs (ALAS-2018-1005)
Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
Important: pcs
Issue Overview: Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...
Medium: PackageKit
Issue Overview: Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install...
Medium: openssl
Issue Overview: bn_sqrx8x_internal carry bug on x86_64 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be...
Amazon Linux AMI : stunnel / amazon-efs-utils (ALAS-2018-996)
This update adds the checkHost option to stunnel, which verifies the host of the peer certificate subject. Certificates are accepted if no checkHost option was specified, or the host name of the peer certificate matches any of the hosts specified with checkHost. This update adds the OCSPaia optio...
Amazon Linux 2 : curl (ALAS-2018-995)
FTP path trickery leads to NIL byte out of bounds write : It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location,...
Amazon Linux AMI : exim (ALAS-2018-997)
This is an update fixing dec64table OOB read in b64decode. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2018-997.
Amazon Linux AMI : curl (ALAS-2018-995)
FTP path trickery leads to NIL byte out of bounds write : It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location,...
Amazon Linux AMI : kernel (ALAS-2018-993)
Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk function allows denial of service : An error in the '_sctp_make_chunk' function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. CVE-2018-5803...
Amazon Linux 2 : kernel (ALAS-2018-994)
Race condition in the store_int_with_restart function in cpu/mcheck/mce.c : A race condition in the store_int_with_restart function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file ...
Amazon Linux 2 : slf4j (ALAS-2018-999)
Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution : An XML deserialization vulnerability was discovered in slf4j's EventData which accepts an XML serialized string and can lead to arbitrary code execution. CVE-2018-8088 (C) Tenable Network Security, Inc. T...
Amazon Linux 2 : librelp (ALAS-2018-998)
Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c : rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote...
Medium: curl
Issue Overview: FTP path trickery leads to NIL byte out of bounds write: It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an...