Amazon Linux: Security Advisory (ALAS-2012-128)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2012-40)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2012-48)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2012-46)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2014-419)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2013-185)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : bind (ALAS-2015-594)

As discussed upstream, parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a...

Amazon Linux AMI : pam (ALAS-2015-589)

It was discovered that the unixrunhelperbinary function of PAM's unixpam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unixpam module could use this flaw to enumerate valid user accounts, or cause a...

Amazon Linux AMI : ntp (ALAS-2015-593)

As discussed upstream, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. CVE-2015-5146 It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A...

Amazon Linux AMI : net-snmp (ALAS-2015-590)

It was discovered that the snmppduparse function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd...

Amazon Linux AMI : sqlite (ALAS-2015-591)

A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. CVE-2015-3414 It was found that SQLite's sqlite3VdbeExec function did not...

Amazon Linux AMI : openssh (ALAS-2015-592)

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...

Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2015-587)

The moddavsvn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service memory consumption via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. CVE-2015-0202 An assertion failure flaw was found in the way the SVN server...

Amazon Linux AMI : golang / docker (ALAS-2015-588)

As discussed upstream -- here and here -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers like 'Content Length:' with a space in the middle and Double Content-length headers in a request does not...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-586) (Bar Mitzvah) (Logjam)

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733 A flaw wa...

Amazon Linux AMI : httpd24 (ALAS-2015-579)

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. CVE-2015-3185...

Amazon Linux AMI : wireshark (ALAS-2015-580)

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. CVE-2014-8714 , CVE-2014-8712 , CVE-2014-8713 , CVE-2014-8711 , CVE-2014-8710 , CVE-2015-0562 , CVE-2015-0564 ,...

Amazon Linux AMI : mailman (ALAS-2015-582)

It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. CVE-2015-2775 It was found that mailman stored private email messages in a world-readable directory. A local user...

Amazon Linux AMI : freeradius (ALAS-2015-581)

A stack-based buffer overflow was found in the way the FreeRADIUS rlmpap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

Amazon Linux AMI : httpd (ALAS-2015-578)

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...