Amazon Linux AMI : freetype (ALAS-2015-502)

Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially,...

Amazon Linux AMI : file (ALAS-2015-497)

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVE-2014-9620 The ELF parser readelf.c in file before 5.21 allows remote attackers to cause a denial of service CPU consumption or crash via a large number of 1 program or 2...

Amazon Linux AMI : glibc (ALAS-2015-495)

An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. CVE-2014-6040 It was found that the file...

Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)

A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the...

Amazon Linux AMI : openssl (ALAS-2015-498)

A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially crafted certificate was imported. CVE-2015-0209 A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A...

Amazon Linux AMI : bind (ALAS-2015-490)

A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon named to crash under certain conditions. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI...

Amazon Linux AMI : php54 (ALAS-2015-493) (GHOST)

A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the...

Amazon Linux AMI : kernel (ALAS-2015-491)

It was reported that stack address is not properly randomized on some 64 bit architectures due to an integer overflow. The stack entropy of the processes is reduced by four. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...

Amazon Linux AMI : postgresql92 (ALAS-2015-492)

A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user...

Amazon Linux AMI : kernel (ALAS-2015-489)

A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. C Tenable Network Security, Inc. The...

Amazon Linux AMI : graphviz-php (ALAS-2015-488)

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : graphviz (ALAS-2015-487)

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : clamav (ALAS-2015-486)

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a 'heap out of bounds condition.' C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory...

Amazon Linux AMI : httpd24 (ALAS-2015-483)

modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...

Amazon Linux AMI : php55 (ALAS-2015-474)

sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...

Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2015-482)

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

Amazon Linux AMI : libyaml (ALAS-2015-481)

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. CVE-2014-9130 C Tenable Network Security, Inc. The descriptive text and package check...

Amazon Linux AMI : puppet (ALAS-2015-484)

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

Amazon Linux AMI : kernel (ALAS-2015-476)

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the...

Amazon Linux AMI : e2fsprogs (ALAS-2015-478)

A heap-based buffer overflow flaw was found in e2fsprogs. A specially crafted Ext2/3/4 file system could cause an application using the ext2fs library for example, fsck to crash or, possibly, execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this...