Amazon Linux AMI : curl (ALAS-2014-295)

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

Amazon Linux AMI : kernel (ALAS-2014-289)

The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, ...

Amazon Linux AMI : python27 (ALAS-2014-293)

Buffer overflow in the socket.recvfrominto function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. C Tenable Network Security, Inc. The descriptive text and package checks in...

Amazon Linux AMI : ruby19 (ALAS-2014-290)

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

Amazon Linux AMI : python26 (ALAS-2014-292)

Buffer overflow in the socket.recvfrominto function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. C Tenable Network Security, Inc. The descriptive text and package checks in...

Amazon Linux AMI : openjpeg (ALAS-2014-271)

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

Amazon Linux AMI : ca-certificates (ALAS-2014-281)

It was found that a subordinate Certificate Authority CA mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : gnupg (ALAS-2014-278)

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-280)

An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...

Amazon Linux AMI : libXfont (ALAS-2014-282)

A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. CVE-2013-6462 C Tenable Network Security,...

Amazon Linux AMI : nss (ALAS-2014-274)

It was found that a subordinate Certificate Authority CA mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-283)

An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...

Amazon Linux AMI : graphviz-php (ALAS-2014-285)

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...

Amazon Linux AMI : augeas (ALAS-2014-286)

A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world-writable, allowing unprivileged local users to modify their content. CVE-2013-6412 C Tenable Network Security, Inc. The...

Amazon Linux AMI : bind (ALAS-2014-287)

A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. CVE-2014-05...

Amazon Linux AMI : munin (ALAS-2014-275)

The getgrouptree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service infinite loop and memory consumption in the munin-html process via crafted multigraph data. Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cau...

Amazon Linux AMI : quagga (ALAS-2014-279)

The bgpattrunknown function in bgpattr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service bgpd crash via a crafted BGP update. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Amazon Linux AMI : xorg-x11-server (ALAS-2014-277)

An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. CVE-2013-6424 C Tenable Network Security...

Amazon Linux AMI : openssl (ALAS-2014-273)

A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. CVE-2013-6449 It was discovered that the Datagr...

Amazon Linux AMI : pixman (ALAS-2014-272)

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly,...