Amazon Linux AMI : kernel (ALAS-2012-133)

An integer overflow flaw was found in the i915gemdoexecbuffer function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. CVE-2012-2384 , Moderate A memory leak flaw was found in the w...

Amazon Linux AMI : php (ALAS-2011-07)

The MITRE CVE database describes these CVEs as : Revert isa behavior to php = 5.3.6 and add a new new option allowstring for the new behavior accept string and raise autoload if needed Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent...

Amazon Linux AMI : ruby (ALAS-2012-35)

Ruby aka CRuby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table. C Tenable Network...

Amazon Linux AMI : mysql55 (ALAS-2012-144)

A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysqld daemon or, potentially, execute arbitrary code with the privileges of the user running the mysqld daemon. CVE-2012-5611 C Tenable...

Amazon Linux AMI : puppet (ALAS-2012-135)

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

Amazon Linux AMI : munin (ALAS-2012-130)

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart plugin. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : systemtap (ALAS-2012-54)

An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kernel memory...

Amazon Linux AMI : cyrus-imapd (ALAS-2011-27)

An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials...

Amazon Linux AMI : bind (ALAS-2011-24)

A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. C Tenable Network Security,...

Amazon Linux AMI : nginx (ALAS-2012-74)

Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file. C Tenable...

Amazon Linux AMI : libtasn1 (ALAS-2012-60)

A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input such as an X.509 certificate that, when parsed by an application that uses libtasn1 such as applications using GnuTLS, could cause the application to crash. CVE-2012-1569 C Tenable...

Amazon Linux AMI : openldap (ALAS-2012-101)

A denial of service flaw was found in the way the OpenLDAP server daemon slapd processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd...

Amazon Linux AMI : nrpe (ALAS-2013-203)

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via '$' shell metacharacters, which are processed by bash. C Tenable Network Security, Inc. The descriptive text and package checks in...

Amazon Linux AMI : puppet (ALAS-2011-11)

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users ...

Amazon Linux AMI : httpd (ALAS-2011-01)

The MITRE CVE database describes CVE-2011-3192 as : The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, a...

Amazon Linux AMI : kernel / nvidia (ALAS-2013-154)

The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service guest crash by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. C Tenable Network...

Amazon Linux AMI : gnutls (ALAS-2012-59)

A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer. CVE-2012-1573 A boundary error was found in the gnutlssessiongetdata function. A malicious...

Amazon Linux AMI : openjpeg (ALAS-2012-125)

It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially crafted image file that could cause an application linked against OpenJPEG to crash or, possibly, execute arbitrary code. CVE-2012-3535 C Tenable Network Security,...

Amazon Linux AMI : bind (ALAS-2012-113)

An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. CVE-2012-3817 C Tenable...

Amazon Linux AMI : php (ALAS-2012-116)

Unspecified vulnerability in the phpstreamscandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an 'overflow.' C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...