Amazon Linux AMI : php70 (ALAS-2017-812)

Integer overflow in gdio.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 In all versions of PHP 7, during the unserialization process, resizing the...

Amazon Linux AMI : php56 (ALAS-2017-808)

Integer overflow in gdio.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.CVE-2016-10168 The objectcommon1 function in ext/standard/varunserializer.c in PHP before...

Amazon Linux AMI : curl (ALAS-2017-806)

libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. This flaw does not exist in the comman...

Amazon Linux AMI : openjpeg (ALAS-2017-807)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. CVE-2016-5139 , CVE-2016-5158 , CVE-2016-5159 , CVE-2016-7163 A...

Amazon Linux AMI : openssl (ALAS-2017-803)

An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 A denial of service flaw was found in the way the TLS/SSL...

Amazon Linux AMI : libtiff / compat-libtiff3 (ALAS-2017-802)

Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. CVE-2016-9533 , CVE-2016-9534 ,...

Amazon Linux AMI : exim (ALAS-2017-804)

It was found that Exim leaked DKIM signing private keys to the 'mainlog' log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

Amazon Linux AMI : python-crypto (ALAS-2017-801)

A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2017-801...

Amazon Linux AMI : mysql51 (ALAS-2017-800)

It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...

Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-796)

A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information...

Amazon Linux AMI : bind (ALAS-2017-798)

A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. C Tenable Network Security, Inc. The...

Amazon Linux AMI : openldap (ALAS-2017-799)

A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security...

Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2017-794)

It was discovered that Subversion's moddontdothat module and Subversion clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. An authenticated remote attacker can cause denial-of-service conditions on the server using moddontdothat by...

Amazon Linux AMI : krb5 (ALAS-2017-793)

A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a NULL pointer and crash by supplying an empty DB argument to the modifyprincipal command, if kadmin...

Amazon Linux AMI : glibc (ALAS-2017-792)

A stack overflow vulnerability was found in nssdnsgetnetbynamer. On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name,...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2017-795)

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...

Amazon Linux AMI : php56 (ALAS-2017-787)

A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy. An attacker could create a crafted image that would lead to a crash or, potentially, code...

Amazon Linux AMI : mysql56 (ALAS-2017-790)

The following security-related issues were fixed : CVE-2016-8318 Server: Security: Encryption unspecified vulnerability CVE-2016-8327 Server: Replication unspecified vulnerability CVE-2017-3238 Server: Optimizer unspecified vulnerability CVE-2017-3244 Server: DML unspecified vulnerability...

Amazon Linux AMI : php70 (ALAS-2017-788)

The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access via crafted serialized data. CVE-2016-7480...

Amazon Linux AMI : mysql55 (ALAS-2017-789)

The following security-related issues were fixed : CVE-2017-3238 Server: Optimizer unspecified vulnerability CVE-2017-3243 Server: Charsets unspecified vulnerability CVE-2017-3244 Server: DML unspecified vulnerability CVE-2017-3258 Server: DDL unspecified vulnerability CVE-2017-3313 Server: MyISA...