
789 matches found

Amazon
added 2023/10/19 12:0 a.m. | 2 views

Important: runc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: runc Note: This advisory is applicable to Amazon Linux...

CVSS 7.5 | AI score 6.9 | EPSS 0.0015
Exploits: 0
Amazon
added 2023/10/17 12:0 a.m. | 1 view

Important: ecs-init

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...

CVSS 7.5 | AI score 6.9 | EPSS 0.0015
Exploits: 0
Amazon
added 2023/10/17 12:0 a.m. | 2 views

Medium: docker

Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...

CVSS 6.8 | AI score 7 | EPSS 0.00351
Exploits: 0
Amazon
added 2023/10/17 12:0 a.m. | 2 views

Important: runc

Issue Overview: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are...

CVSS 7.5 | AI score 7.2 | EPSS 0.0015
Exploits: 0
Amazon
added 2023/10/17 12:0 a.m. | 7 views

Important: nginx

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nginx Note: This advisory is applicable to Amazon Linu...

CVSS 7.5 | AI score 8 | EPSS 0.944
Exploits: 19
Amazon
added 2023/10/04 12:0 a.m. | 2 views

Medium: ecs-init

Issue Overview: No CVE was issued for this update. Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

AI score 7
Exploits: 0
Amazon
added 2023/10/04 12:0 a.m. | 2 views

Medium: djvulibre

Issue Overview: An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero. CVE-2021-46310 Affected Packages: djvulibre Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn more abo...

CVSS 6.5 | AI score 6.9 | EPSS 0.00237
Exploits: 1
Amazon
added 2023/10/04 12:0 a.m. | 3 views

Important: firefox

Issue Overview: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Memory corruption in IPC FilePickerShownCallback CVE-2023-4575 XLL file extensions were downloadable without warnings. CVE-2023-4581 Memory safety bug...

CVSS 8.8 | AI score 9.7 | EPSS 0.00292
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Medium: tomcat

Issue Overview: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The...

CVSS 6.1 | AI score 7.2 | EPSS 0.11586
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Medium: python-paramiko

Issue Overview: In Paramiko before 2.10.1, a race condition between creation and chmod in the write_private_key_file function could allow unauthorized information disclosure. CVE-2022-24302 Affected Packages: python-paramiko Note: This advisory is applicable to Amazon Linux 2 - Ansible2 Extra. Visit...

CVSS 5.9 | AI score 6.6 | EPSS 0.00727
Exploits: 1
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Important: squid

Issue Overview: A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest...

CVSS 8.6 | AI score 6.8 | EPSS 0.00583
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Important: postgresql

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the defau...

CVSS 8.8 | AI score 7.6 | EPSS 0.02263
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Important: firefox

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux. Other operating systems are...

CVSS 9.8 | AI score 9.9 | EPSS 0.00431
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 4 views

Medium: nginx

Issue Overview: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memor...

CVSS 7.8 | AI score 6.6 | EPSS 0.00828
Exploits: 2
Amazon
added 2023/09/25 12:0 a.m. | 4 views

Important: mono

Issue Overview: SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version...

CVSS 9.8 | AI score 7.7 | EPSS 0.01545
Exploits: 1
Amazon
added 2023/09/25 12:0 a.m. | 1 view

Important: haproxy2

Issue Overview: An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer,...

CVSS 7.5 | AI score 7 | EPSS 0.00032
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 3 views

Important: libpq

Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged...

CVSS 8.8 | AI score 7.9 | EPSS 0.02263
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 3 views

Important: haproxy2

Issue Overview: A flaw was found in the way HAProxy processed HTTP responses containing the Set-Cookie2 header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from th...

CVSS 7.5 | AI score 6.7 | EPSS 0.66484
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Medium: emr-puppet

Issue Overview: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. CVE-2021-27025 Affected Packages: emr-puppet Note: This advisory is applicable to Amazon Linux 2 -...

CVSS 6.5 | AI score 6.9 | EPSS 0.00531
Exploits: 0
Amazon
added 2023/09/25 12:0 a.m. | 4 views

Medium: haproxy2

Issue Overview: The HAProxy GitHub issue describes this vulnerability as follows: Crash SEGV in http_wait_for_response in 2.2.19, 2.2.24, and 2.2.26 because sl start line variable is NULL. CVE-2023-0056 Affected Packages: haproxy2 Note: This advisory is applicable to Amazon Linux 2 - Haproxy2 Extra...

CVSS 6.5 | AI score 7 | EPSS 0.00147
Exploits: 0