Amazon Linux AMI : xorg-x11-server (ALAS-2015-519)

A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. CVE-2015-0255 C...

Amazon Linux AMI : python-tornado (ALAS-2015-521)

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate,...

Amazon Linux AMI : krb5 (ALAS-2015-518)

A use-after-free flaw was found in the way the MIT Kerberos libgssapikrb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library libgssapi could call the gssprocesscontexttoken function and use this flaw to crash that application...

Amazon Linux AMI : glibc (ALAS-2015-513)

A buffer overflow flaw was found in the way glibc's gethostbynamer and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the...

Amazon Linux AMI : curl (ALAS-2015-514)

It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticed requests to the same server,...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2015-515)

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-516)

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...

Amazon Linux AMI : python-botocore (ALAS-2015-512)

A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Amazon Linux AMI : php56 (ALAS-2015-511)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or pgselect could...

Amazon Linux AMI : php54 (ALAS-2015-509)

A buffer overflow vulnerability was found in PHP's phar PHP Archive implementation. See https://bugs.php.net/bug.php?id=69324 for more details. CVE-2015-2783 A use-after-free flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly use this flaw to...

Amazon Linux AMI : php55 (ALAS-2015-510)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or pgselect could...

Amazon Linux AMI : php55 (ALAS-2015-507)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer overflow flaw,...

Amazon Linux AMI : flac (ALAS-2015-505)

A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. CVE-2014-9028 A buffer over-read flaw was found...

Amazon Linux AMI : php54 (ALAS-2015-506)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer overflow flaw,...

Amazon Linux AMI : unzip (ALAS-2015-504)

A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. CVE-2014-9636 A buffer overflow flaw was found in the way...

Amazon Linux AMI : postgresql8 (ALAS-2015-503)

An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the...

Amazon Linux AMI : php56 (ALAS-2015-508)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer overflow flaw,...

Amazon Linux AMI : freetype (ALAS-2015-502)

Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially,...

Amazon Linux AMI : 389-ds-base (ALAS-2015-501)

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

Amazon Linux AMI : gpgme (ALAS-2015-500)

Multiple heap-based buffer overflows in the statushandler function in 1 engine-gpgsm.c and 2 engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to 'different line lengths in a specific order.' C...