Amazon Linux AMI : openssl (ALAS-2011-04)

The MITRE CVE database describes CVE-2011-3207 as : crypto/x509/x509vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. C Tenable...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-156)

Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-0442 , CVE-2013-0445 , CVE-2013-0441 , CVE-2013-1475 ,...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-151)

Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-88)

Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711 , CVE-2012-1719 It was discovered that the...

Amazon Linux AMI : openssl (ALAS-2013-171)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a paddi...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-119)

It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. CVE-2012-1682 A hardening fix was applied to the...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)

Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-1486 , CVE-2013-1484 An improper permission check issue was discovered in the...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-163)

An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2013-1486 It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted...

Amazon Linux AMI : krb5 (ALAS-2013-182)

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS Ticket-granting Server requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. CVE-2013-1416 C Tenable Network Security, Inc. The descriptiv...

Amazon Linux AMI : dhcp (ALAS-2012-31)

A denial of service flaw was found in the way the dhcpd daemon handled DHCP request packets when regular expression matching was used in '/etc/dhcp/dhcpd.conf'. A remote attacker could use this flaw to crash dhcpd. CVE-2011-4539 C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : ruby (ALAS-2012-139)

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

Amazon Linux AMI : nagios (ALAS-2012-50)

Multiple cross-site scripting XSS vulnerabilities in config.c in config.cgi in 1 Nagios 3.2.3 and 2 Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an a command action or a b hosts action. C Tenable Network Security,...

Amazon Linux AMI : tomcat6 (ALAS-2011-25)

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...

Amazon Linux AMI : kernel (ALAS-2012-55)

A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. CVE-2011-4077 ,...

Amazon Linux AMI : mysql (ALAS-2012-44)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262 , CVE-2012-0075 , CVE-2012-0087 , CVE-2012-0101 , CVE-2012-0102 , CVE-2012-0112 ,...

Amazon Linux AMI : kernel (ALAS-2011-26)

IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. CVE-2011-2699 , Important A signedness issue was found in the Linux kernel's CIFS Common Internet File System implementatio...

Amazon Linux AMI : php (ALAS-2012-41)

It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : php (ALAS-2012-37)

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by...

Medium: mysql51

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Affected Packages: mysql51 Issue Correction: Run yum update mysql51 or yum update --advisory ALAS-2013-152 to update your system. New Packages: i686: mysql51-5.1.67-1.60.amzn1.i686 ...

Important: nss

Issue Overview: It was found that a Certificate Authority CA mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL,...