Amazon Linux AMI : socat (ALAS-2013-202)

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service file descriptor consumption via multiple request that are refused based on the 1 sourceport, 2 lowport, 3 range, or 4...

Amazon Linux AMI : openswan (ALAS-2011-06)

When an ISAKMP message with an invalid KEYLENGTH attribute is received, the error handling function crashes on a NULL pointer dereference. Openswan automatically restarts the pluto IKE daemon but all ISAKMP state is lost. This vulnerability does NOT allow an attacker access to the system. This ca...

Amazon Linux AMI : php (ALAS-2012-77)

A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could le...

Amazon Linux AMI : dhcp (ALAS-2012-115)

A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. CVE-2012-3571 Two...

Amazon Linux AMI : rpm (ALAS-2012-61)

Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library such as the rpm command line tool, ...

Amazon Linux AMI : libxml2 (ALAS-2012-143)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

Amazon Linux AMI : perl (ALAS-2011-19)

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the...

Amazon Linux AMI : icu (ALAS-2012-33)

A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code wi...

Amazon Linux AMI : krb5 (ALAS-2013-208)

It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the...

Amazon Linux AMI : gnutls (ALAS-2013-197)

It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. CVE-2013-2116 C...

Amazon Linux AMI : krb5 (ALAS-2012-114)

An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests AS-REQ. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. CVE-2012-1015 A NULL pointer dereference flaw was found in th...

Amazon Linux AMI : krb5 (ALAS-2011-15)

Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP Lightweight Directory Access Protocol or Berkeley Database Berkeley DB back end. A remote attacker could use these flaws to crash the KDC. CVE-2011-1527 ,...

Amazon Linux AMI : openldap (ALAS-2012-101)

A denial of service flaw was found in the way the OpenLDAP server daemon slapd processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd...

Amazon Linux AMI : libproxy (ALAS-2012-140)

A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration PAC files. A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an application using libproxy to crash or, possibly, execute arbitrary code, if th...

Amazon Linux AMI : krb5 (ALAS-2011-28)

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS Ticket-granting Server requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. CVE-2011-1530 C Tenable Network Security, Inc. The descriptiv...

Amazon Linux AMI : dhcp (ALAS-2013-157)

A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. CVE-2012-3955 C Tenable Network Security, Inc. The...

Amazon Linux AMI : glibc (ALAS-2012-109)

Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. C...

Amazon Linux AMI : openssl (ALAS-2012-72)

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO input could cause...

Amazon Linux AMI : httpd24 (ALAS-2013-175)

Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...