Amazon Linux AMI : ca-certificates (ALAS-2014-281)

It was found that a subordinate Certificate Authority CA mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : openjpeg (ALAS-2014-271)

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-280)

An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...

Amazon Linux AMI : libXfont (ALAS-2014-282)

A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. CVE-2013-6462 C Tenable Network Security,...

Amazon Linux AMI : bind (ALAS-2014-287)

A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. CVE-2014-05...

Amazon Linux AMI : munin (ALAS-2014-275)

The getgrouptree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service infinite loop and memory consumption in the munin-html process via crafted multigraph data. Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cau...

Amazon Linux AMI : mod_nss (ALAS-2013-253)

A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed a client to acce...

Amazon Linux AMI : glibc (ALAS-2013-270)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions pvalloc, valloc, and memalign. If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of t...

Amazon Linux AMI : ganglia (ALAS-2013-268)

Cross-site scripting XSS vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the hostregex parameter to the default URI, which is processed by getcontext.php. C Tenable Network Security, Inc. The descriptive text and packa...

Amazon Linux AMI : nspr (ALAS-2013-266)

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the fix for...

Amazon Linux AMI : nss (ALAS-2013-265)

A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2013-5605 It was found that the fix for...

Amazon Linux AMI : subversion (ALAS-2013-269)

The isthislegal function in moddontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service resource consumption via a relative URL in a REPORT request. The getparentresource...

Amazon Linux AMI : php (ALAS-2013-262)

The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service memory...

Amazon Linux AMI : php54 (ALAS-2013-263)

A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the...

Amazon Linux AMI : libjpeg-turbo (ALAS-2013-267)

An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan SOS JPEG markers or Define Huffman Table DHT JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of...

Amazon Linux AMI : php55 (ALAS-2013-264)

A memory corruption flaw was found in the way the opensslx509parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the...

Amazon Linux AMI : sudo (ALAS-2013-259)

A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's...

Amazon Linux AMI : coreutils (ALAS-2013-261)

It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those utilities by providing long input strings. CVE-2013-0221 , CVE-2013-0222 , CVE-2013-0223 C Tenable Network Security, Inc. The...

Amazon Linux AMI : 389-ds-base (ALAS-2013-255)

It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights GER search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server coul...

Amazon Linux AMI : xorg-x11-server (ALAS-2013-260)

A flaw was found in the way the X.org X11 server registered new hot plugged devices. If a local user switched to a different session and plugged in a new device, input from that device could become available in the previous session, possibly leading to information disclosure. CVE-2013-1940 C...