Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-693)

It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2016-0686 It was...

Amazon Linux AMI : kernel (ALAS-2016-694)

An integer overflow vulnerability was found in xtalloctableinfo, which on 32-bit systems can lead to small structure allocation and a copyfromuser based heap corruption. CVE-2016-3135 In the marksourcechains function net/ipv4/netfilter/iptables.c it is possible for a user-supplied iptentry...

Amazon Linux AMI : krb5 (ALAS-2016-691)

An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission,...

Amazon Linux AMI : golang (ALAS-2016-687)

An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability. C Tenable Network Security, Inc. The descriptive...

Amazon Linux AMI : postgresql8 (ALAS-2016-689)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. C Tenable Network Security, Inc...

Amazon Linux AMI : foomatic (ALAS-2016-690)

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. CVE-2015-8560 It was discovered that the unhtmlify functio...

Linux Vulnerability Scanner: Vuls

Vulnerability scanner for Linux, agentless, written in golang For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use...

Amazon Linux AMI : samba (ALAS-2016-686) (Badlock)

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running Samba root. Thi...

Amazon Linux AMI : php56 / php55 (ALAS-2016-685)

A stack overflow vulnerability was reported that may occur when decompressing tar archives due to phartarwriteheaders potentially copying non-terminated linknames from entries parsed by pharparsetarfile. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. CVE-2015-0293 It was...

Amazon Linux AMI : libssh2 (ALAS-2016-683)

A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. C Tenable Network Security, Inc. Th...

Amazon Linux AMI : openssh (ALAS-2016-675)

An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, eve...

Amazon Linux AMI : tomcat8 (ALAS-2016-679)

ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web...

Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2016-676)

It was found that when an SVN server both svnserve and httpd with the moddavsvn module searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable for example, if it had been moved. CVE-2015-3187 An integer overflow wa...

Amazon Linux AMI : samba (ALAS-2016-674)

A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon...

Amazon Linux AMI : GraphicsMagick (ALAS-2016-678)

An out-of-bounds read flaw was found in the parsing of GIF files using GraphicsMagick. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-678. include"compat.inc"; if description scriptid90271;...

Amazon Linux AMI : java-1.8.0-openjdk / java-1.7.0-openjdk (ALAS-2016-677)

An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI...

Amazon Linux AMI : tomcat6 (ALAS-2016-681)

A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web application in a getResource, getResourceAsStream, or...

Amazon Linux AMI : tomcat7 (ALAS-2016-680)

ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web...

Amazon Linux: Security Advisory (ALAS-2016-675)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...