Amazon Linux AMI : kernel (ALAS-2012-78)

The rioioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. C Tenable Network Security, Inc. The descriptive text and package check...

Amazon Linux AMI : postgresql8 (ALAS-2012-129)

It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations XSLT. An unprivileged database user could use this flaw to read and...

Amazon Linux AMI : bind (ALAS-2012-146)

A flaw was found in the DNS64 implementation in BIND. If a remote attacker sent a specially crafted query to a named server, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default. CVE-2012-5688 C Tenable Network Security, Inc. The descriptive...

Amazon Linux AMI : puppet (ALAS-2012-53)

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login. The changeuser method in the SUIDManager...

Amazon Linux AMI : perl (ALAS-2013-177)

A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

Amazon Linux AMI : libpng (ALAS-2012-49)

A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. CVE-2011-3026 C Tenable...

Amazon Linux AMI : mesa (ALAS-2013-198)

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs Mozilla Firefox does this, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

Amazon Linux AMI : openswan (ALAS-2013-192)

A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled 'oe=yes' in '/etc/ipsec.conf' and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records such as by sending an email tha...

Amazon Linux AMI : php54 (ALAS-2013-206)

Heap-based buffer overflow in the phpquotprintencode function in ext/standard/quotprint.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted argument to the quotedprintableenco...

Amazon Linux AMI : nvidia (ALAS-2012-67)

The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-168)

An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. CVE-2013-0809 It was...

Amazon Linux AMI : mysql55 (ALAS-2012-93)

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remo...

Amazon Linux AMI : libxml2 (ALAS-2012-52)

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added ...

Amazon Linux AMI : puppet (ALAS-2012-75)

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

Amazon Linux AMI : postgresql9 (ALAS-2012-91)

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

Amazon Linux AMI : openjpeg (ALAS-2012-111)

An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially crafted image file that, when decoded using an application linked against OpenJPEG, would cause th...

Amazon Linux AMI : openssh (ALAS-2012-99)

A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon sshd use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default...

Amazon Linux AMI : ghostscript (ALAS-2012-127)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library icclib. An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execu...

Amazon Linux AMI : quagga (ALAS-2012-90)

The bgpcapabilityorf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service assertion failure and daemon exit by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering ORF capability TLV in an OPEN message. C Tenable...

Amazon Linux AMI : kernel (ALAS-2012-34)

The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume. C Tenable Network Security, Inc. The descriptive text a...