Important: kernel

Issue Overview: A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to...

Amazon Linux 2 : sudo (ALAS-2020-1404)

The version of sudo installed on the remote host is prior to 1.8.23-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1404 advisory. In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged su...

Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2020-1403)

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.251-2.6.21.0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1403 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...

Amazon Linux AMI : sudo (ALAS-2020-1356)

The version of sudo installed on the remote host is prior to 1.8.6p3-29.30. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1356 advisory. In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privilege...

Amazon Linux AMI : nss, nss-softokn, nss-util, nspr (ALAS-2020-1355)

The version of nspr installed on the remote host is prior to 4.21.0-1.43. The version of nss installed on the remote host is prior to 3.44.0-7.84. The version of nss-softokn installed on the remote host is prior to 3.44.0-8.44. The version of nss-util installed on the remote host is prior to...

Important: sudo

Issue Overview: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, an...

Amazon Linux AMI : freetype (ALAS-2020-1348)

The version of freetype installed on the remote host is prior to 2.3.11-19.15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1348 advisory. FreeType before 2.6.1 has a heap-based buffer over-read in T1GetPrivateDict in type1/t1parse.c. CVE-2015-9381 FreeTyp...

Amazon Linux AMI : php73 (ALAS-2020-1351)

The version of php73 installed on the remote host is prior to 7.3.15-1.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1351 advisory. In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension,...

Amazon Linux AMI : php72 (ALAS-2020-1350)

The version of php72 installed on the remote host is prior to 7.2.28-1.21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1350 advisory. In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension,...

Amazon Linux AMI : kernel (ALAS-2020-1349)

The version of kernel installed on the remote host is prior to 4.14.171-105.231. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1349 advisory. In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denial...

Amazon Linux 2 : kernel (ALAS-2020-1399)

The version of kernel installed on the remote host is prior to 4.14.171-136.231. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1399 advisory. In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denia...

Amazon Linux 2 : qemu (ALAS-2020-1401)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1401 advisory. ipreass in ipinput.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the...

Amazon Linux 2 : ppp (ALAS-2020-1400)

The version of ppp installed on the remote host is prior to 2.4.5-33. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1400 advisory. eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. CVE-2020-8597...

Medium: kernel-livepatch-4.14.165-131.185

Issue Overview: In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.CVE-2019-20096 Affected Packages: kernel-livepatch-4.14.165-131.185 Issue Correction: Please ensure you have live patching enabled...

Important: kernel-livepatch-4.14.165-131.185

Issue Overview: An issue was discovered in the Linux kernel before 5.0.10. SMB2negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.CVE-2019-1591 Affected Packages: kernel-livepatch-4.14.165-131.185 Issue...

Important: qemu

Issue Overview: ipreass in ipinput.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. CVE-2019-14378 Affected Packages: qemu Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

Important: ppp

Issue Overview: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. CVE-2020-8597 Affected Packages: ppp Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL...

Important: kernel

Issue Overview: In the Linux kernel before 5.1, there is a memory leak in featregistersp in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. CVE-2019-20096 An issue was discovered in the Linux kernel before 5.0.10. SMB2negotiate in fs/cifs/smb2pdu.c has an out-of-bounds...

Amazon Linux 2 : transfig (ALAS-2020-1398)

The version of transfig installed on the remote host is prior to 3.2.7b-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1398 advisory. readcolordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. CVE-2019-19797 makearrow in arrow.c in Xfig...

Amazon Linux AMI : php72 (ALAS-2020-1346)

The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...