Amazon Linux AMI : httpd24 (ALAS-2014-309)

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service segmentation fault and daemon crash via a crafted cookie that is not properly handled during truncation. C Tenable Network Security, Inc...

Amazon Linux AMI : yum (ALAS-2014-315)

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package. C Tenable Network Security, Inc. The descriptive...

Amazon Linux AMI : net-snmp (ALAS-2014-316)

A buffer overflow flaw was found in the way the decodeicmpmsg function in the ICMP-MIB implementation processed Internet Control Message Protocol ICMP message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially...

Amazon Linux AMI : kernel (ALAS-2014-317)

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

Amazon Linux AMI : subversion (ALAS-2014-318)

A flaw was found in the way the moddavsvn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. The getresource function in repos.c in the moddavsvn module in...

Amazon Linux AMI : mutt (ALAS-2014-310)

A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the us...

Amazon Linux AMI : php54 (ALAS-2014-313)

A denial of service flaw was found in the way the File Information fileinfo extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : 389-ds-base (ALAS-2014-311)

It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This...

Amazon Linux AMI : kernel Privilege Escalation (ALAS-2013-190)

A flaw was found in the way index into perfsweventenabled array was sanitized. A local, unprivileged user could leverage this flaw to gain elevated privileges on the system. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...

Amazon Linux AMI : postgresql9 (ALAS-2014-306)

Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions ...

Amazon Linux AMI : postgresql8 (ALAS-2014-305)

Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions ...

Amazon Linux AMI : libtiff (ALAS-2014-307)

A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. CVE-2013-1960 , CVE-2013-4232 Multiple buffer overflow flaws...

Amazon Linux AMI : file (ALAS-2014-304)

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Amazon Linux AMI : numpy (ALAS-2014-302)

f2py insecurely uses a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux A...

Amazon Linux AMI : openswan (ALAS-2014-303)

A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service daemon crash, possibly causing existing VPN connections to be dropped...

Amazon Linux AMI : graphviz-php (ALAS-2014-297)

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a 'badly formed number' and a 'long digit list.' Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphvi...

Amazon Linux AMI : socat (ALAS-2014-300)

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service segmentation fault via a long server name in the PROXY-CONNECT address in the command line. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : graphviz (ALAS-2014-296)

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a 'badly formed number' and a 'long digit list.' Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphvi...

Amazon Linux AMI : mysql51 (ALAS-2014-298)

This update fixes several vulnerabilities in the MySQL database server. CVE-2014-0386 , CVE-2014-0393 , CVE-2014-0401 , CVE-2014-0402 , CVE-2014-0412 , CVE-2014-0437 , CVE-2013-5908 A buffer overflow flaw was found in the way the MySQL command line client tool mysql processed excessively long...

Amazon Linux AMI : gnutls (ALAS-2014-301)

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by...