
3297 matches found

Amazon
added 2024/06/12 12:0 a.m. | 83 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl CVE-2021-47634 A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write. This flaw allows a local user t...

CVSS 7.8 | AI score 7.9 | EPSS 0.01179
Exploits: 0

Amazon
added 2024/06/12 12:0 a.m. | 20 views

Medium: unixODBC

Issue Overview: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. CVE-2024-1013 Affected Packages: unixOD...

CVSS 7.8 | AI score 7.3 | EPSS 0.00284
Exploits: 0

Amazon
added 2024/06/12 12:0 a.m. | 5 views

Medium: unixODBC

Issue Overview: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. CVE-2024-1013 Affected Packages: unixOD...

CVSS 7.8 | AI score 6.9 | EPSS 0.00284
Exploits: 0

Amazon
added 2024/06/12 12:0 a.m. | 22 views

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

CVSS 5.9 | AI score 5.9 | EPSS 0.01156
Exploits: 1

Amazon
added 2024/06/12 12:0 a.m. | 22 views

Medium: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible NULL access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. CVE-2024-32661 Affected Packages:...

CVSS 7.5 | AI score 7.7 | EPSS 0.01224
Exploits: 0

Amazon
added 2024/06/12 12:0 a.m. | 24 views

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754 CVE-2024-33871 Affected...

CVSS 8.8 | AI score 9 | EPSS 0.01425
Exploits: 0

Tenable Nessus
added 2024/06/12 12:0 a.m. | 58 views

Amazon Linux 2 : cri-tools (ALAS-2024-2568)

The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

CVSS 7.5 | AI score 7.4 | EPSS 0.91969
Exploits: 1 | References: 6

Tenable Nessus
added 2024/06/12 12:0 a.m. | 27 views

Amazon Linux 2 : openssl11 (ALAS-2024-2564)

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2564 advisory. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions...

CVSS 5.9 | AI score 6.6 | EPSS 0.54026
Exploits: 0 | References: 4

Tenable Nessus
added 2024/06/12 12:0 a.m. | 34 views

Amazon Linux 2 : ghostscript (ALAS-2024-2562)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2562 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-...

CVSS 8.8 | AI score 7.9 | EPSS 0.01425
Exploits: 0 | References: 4

Tenable Nessus
added 2024/06/12 12:0 a.m. | 23 views

Amazon Linux 2 : unixODBC (ALAS-2024-2565)

The version of unixODBC installed on the remote host is prior to 2.3.1-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2565 advisory. An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8...

CVSS 7.8 | AI score 7 | EPSS 0.00284
Exploits: 0 | References: 4

Amazon
added 2024/06/12 12:0 a.m. | 28 views

Medium: cri-tools

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5 | AI score 8.4 | EPSS 0.91969
Exploits: 1

Tenable Nessus
added 2024/06/12 12:0 a.m. | 61 views

Amazon Linux 2 : kernel (ALAS-2024-2569)

The version of kernel installed on the remote host is prior to 4.14.276-211.499. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2569 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrl_cdev_ioctl...

CVSS 7.8 | AI score 6.5 | EPSS 0.01179
Exploits: 0 | References: 54

Tenable Nessus
added 2024/06/12 12:0 a.m. | 47 views

Amazon Linux 2 : postgresql (ALAS-2024-2567)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2567 advisory. While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a...

CVSS 8.8 | AI score 7.8 | EPSS 0.04322
Exploits: 0 | References: 4

Tenable Nessus
added 2024/06/12 12:0 a.m. | 39 views

Amazon Linux 2 : freerdp (ALAS-2024-2563)

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2563 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01224
Exploits: 0 | References: 4

Tenable Nessus
added 2024/06/12 12:0 a.m. | 30 views

Amazon Linux 2 : ruby (ALAS-2024-2570)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2570 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception...

CVSS 7.4 | AI score 7.1 | EPSS 0.02909
Exploits: 1 | References: 4

Tenable Nessus
added 2024/06/12 12:0 a.m. | 29 views

Amazon Linux 2 : opensc (ALAS-2024-2566)

The version of opensc installed on the remote host is prior to 0.19.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2566 advisory. A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issu...

CVSS 5.9 | AI score 6.5 | EPSS 0.01156
Exploits: 1 | References: 4

Tenable Nessus
added 2024/06/11 12:0 a.m. | 31 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2024-059 (ALASKERNEL-5.10-2024-059)

The version of kernel installed on the remote host is prior to 5.10.176-157.645. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-059 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated...

CVSS 7.8 | AI score 6.4 | EPSS 0.0047
Exploits: 0 | References: 55

Tenable Nessus
added 2024/06/11 12:0 a.m. | 36 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2024-070 (ALASKERNEL-5.4-2024-070)

The version of kernel installed on the remote host is prior to 5.4.238-148.347. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-070 advisory. An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks...

CVSS 7.8 | AI score 6.4 | EPSS 0.0047
Exploits: 0 | References: 37

Tenable Nessus
added 2024/06/11 12:0 a.m. | 27 views

Amazon Linux 2 : firefox (ALASFIREFOX-2024-025)

The version of firefox installed on the remote host is prior to 115.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-025 advisory. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the...

CVSS 8.8 | AI score 8.2 | EPSS 0.72648
Exploits: 18 | References: 14

Tenable Nessus
added 2024/06/11 12:0 a.m. | 21 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-011)

The version of postgresql installed on the remote host is prior to 14.12-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-011 advisory. postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks CVE-2024-4317 Tenable has extracted t...

CVSS 4.3 | AI score 6.6 | EPSS 0.00722
Exploits: 0 | References: 4