Amazon Linux AMI : freetype (ALAS-2012-66)
Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Amazon Linux AMI : xorg-x11-server (ALAS-2012-104)
A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the...
Amazon Linux AMI : libxml2 (ALAS-2012-134)
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the...
Amazon Linux AMI : bind (ALAS-2013-158)
A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones (RPZ). If a remote attacker sent a specially crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by...
Amazon Linux AMI : kernel (ALAS-2012-142)
A use-after-free flaw was found in the Linux kernel's memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-2133, Moderate) A use-after-fr...
Amazon Linux AMI : nginx (ALAS-2012-63)
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. (C) Tenable Network Security, Inc. The descriptive text and package checks...
Amazon Linux AMI : kernel (ALAS-2011-16)
The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. Race...
Amazon Linux AMI : perl-FCGI (ALAS-2011-05)
The MITRE CVE database describes CVE-2011-2766 as: The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP header...
Amazon Linux AMI : kernel (ALAS-2012-58)
The ExecShield feature does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. (C) Tenable Network Security,...
Amazon Linux AMI : rsyslog (ALAS-2012-105)
A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if the...
Amazon Linux AMI : kernel (ALAS-2011-22)
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. Buffer overflow in the...
Amazon Linux AMI : krb5 (ALAS-2012-114)
An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015) A NULL pointer dereference flaw was found in th...
Amazon Linux AMI : krb5 (ALAS-2011-28)
A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS (Ticket-granting Server) requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. (CVE-2011-1530) (C) Tenable Network Security, Inc. The descriptiv...
Amazon Linux AMI : dhcp (ALAS-2013-157)
A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. (CVE-2012-3955) (C) Tenable Network Security, Inc. The...
Amazon Linux AMI : httpd (ALAS-2013-193)
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...
Amazon Linux AMI : gnutls (ALAS-2013-197)
It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. (CVE-2013-2116) (C)...
Amazon Linux AMI : krb5 (ALAS-2011-15)
Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. (CVE-2011-1527,...
Amazon Linux AMI : freetype (ALAS-2011-20)
Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running...
Amazon Linux AMI : libtiff (ALAS-2012-65)
Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against...
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-167)
An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-0809) It was...