Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-156)

Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442 , CVE-2013-0445 , CVE-2013-0441 , CVE-2013-1475 ,...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-88)

Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711 , CVE-2012-1719 It was discovered that the...

Amazon Linux AMI : mysql (ALAS-2012-44)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262 , CVE-2012-0075 , CVE-2012-0087 , CVE-2012-0101 , CVE-2012-0102 , CVE-2012-0112 ,...

Amazon Linux AMI : libxml2 (ALAS-2012-134)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the...

Amazon Linux AMI : freetype (ALAS-2012-66)

Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

Amazon Linux AMI : net-snmp (ALAS-2012-97)

An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base MIB subtree handled by the 'extend' directive in '/etc/snmp/snmpd.conf' cou...

Amazon Linux AMI : lighttpd (ALAS-2012-107)

Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...

Amazon Linux AMI : ghostscript (ALAS-2012-42)

An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. CVE-2009-3743 It was found that Ghostscript alwa...

Amazon Linux AMI : mysql55 (ALAS-2013-187)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2013-18...

Amazon Linux AMI : nss (ALAS-2013-149)

It was found that a Certificate Authority CA mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code...

Amazon Linux AMI : httpd (ALAS-2011-09)

The MITRE CVE database describes these CVEs as : The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

Amazon Linux AMI : httpd (ALAS-2012-46)

It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...

Amazon Linux AMI : puppet (ALAS-2011-11)

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users ...

Amazon Linux AMI : php (ALAS-2012-41)

It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : php (ALAS-2011-07)

The MITRE CVE database describes these CVEs as : Revert isa behavior to php = 5.3.6 and add a new new option allowstring for the new behavior accept string and raise autoload if needed Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)

Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-1486 , CVE-2013-1484 An improper permission check issue was discovered in the...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-163)

An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2013-1486 It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted...

Amazon Linux AMI : openssl (ALAS-2013-171)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a paddi...

Amazon Linux AMI : php (ALAS-2012-37)

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by...

Amazon Linux AMI : openssh (ALAS-2013-165)

Due to the way the pamsshagentauth PAM module was built, the glibc's error function was called rather than the intended error function in pamsshagentauth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using...