Amazon Linux AMI : postgresql9 (ALAS-2012-91)

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

Amazon Linux AMI : glibc (ALAS-2012-57)

An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such...

Amazon Linux AMI : libtiff (ALAS-2012-106)

libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code...

Amazon Linux AMI : kernel (ALAS-2011-16)

The skbgroheaderslow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload GRO is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service system crash via crafted network traffic. Race...

Amazon Linux AMI : socat (ALAS-2012-87)

Heap-based buffer overflow in the xioscanreadline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

Amazon Linux AMI : nss (ALAS-2012-108)

A flaw was found in the way the ASN.1 Abstract Syntax Notation One decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially crafted...

Amazon Linux AMI : php (ALAS-2012-41)

It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : php (ALAS-2012-37)

It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value, a large amount of CPU time would be consumed. This flaw has been mitigated by...

Amazon Linux AMI : dhcp (ALAS-2012-31)

A denial of service flaw was found in the way the dhcpd daemon handled DHCP request packets when regular expression matching was used in '/etc/dhcp/dhcpd.conf'. A remote attacker could use this flaw to crash dhcpd. CVE-2011-4539 C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : mysql (ALAS-2012-44)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262 , CVE-2012-0075 , CVE-2012-0087 , CVE-2012-0101 , CVE-2012-0102 , CVE-2012-0112 ,...

Amazon Linux AMI : krb5 (ALAS-2013-182)

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS Ticket-granting Server requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially crafted TGS request. CVE-2013-1416 C Tenable Network Security, Inc. The descriptiv...