Amazon Linux 2 : libcgroup (ALAS-2019-1336)

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.CVE-2018-14348 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security...

Amazon Linux 2 : elfutils (ALAS-2019-1337)

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarfgetaranges in dwarfgetaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a...

Amazon Linux 2 : libarchive (ALAS-2019-1325)

libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16.CVE-2017-14503 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0 onwards contain...

Amazon Linux 2 : keycloak-httpd-client-install (ALAS-2019-1324)

It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service.CVE-2017-15111 In keycloak-http-client-install prior to version 0.8, the admi...

Amazon Linux 2 : poppler (ALAS-2019-1332)

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.CVE-2018-16646 An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as...

Amazon Linux 2 : perl-Archive-Tar (ALAS-2019-1330)

It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.CVE-2018-12015...

Amazon Linux 2 : blktrace (ALAS-2019-1320)

blktrace aka Block IO Tracing 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the devmapread function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.CVE-2018-10689 C...

Amazon Linux 2 : curl (ALAS-2019-1340)

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.CVE-2019-5481 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.CVE-2019-5482 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Lin...

Amazon Linux 2 : java-11-openjdk (ALAS-2019-1338) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Amazon Linux 2 : polkit (ALAS-2019-1331)

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command.CVE-2018-19788 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisor...

Amazon Linux 2 : advancecomp (ALAS-2019-1319)

An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function beuint32read located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service Segmentation fault or possibly have unspecified...

Amazon Linux 2 : exempi (ALAS-2019-1321)

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service infinite loop via crafted XMP data in a .avi file.CVE-2017-18233 An issue was discovered in Exempi before 2.4.3. It...

Amazon Linux 2 : patch (ALAS-2019-1317)

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 , but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.CVE-2018-20969 GNU patch through 2.7.6 is vulnerable to OS shell...

Medium: golang

Issue Overview: It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server...

Medium: curl

Issue Overview: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.CVE-2019-5481 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.CVE-2019-5482 Affected Packages: curl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

Medium: http-parser

Issue Overview: Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to...

Important: SDL2

Issue Overview: An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9. There is an out-of-bounds read in the function SDLInvalidateMap at video/SDLpixels.c.CVE-2019-12222 A heap-based buffer overflow was discovered in SDL in the SDLBlitCopy function, that was called while...

Medium: keepalived

Issue Overview: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data...

Low: keycloak-httpd-client-install

Issue Overview: It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service.CVE-2017-15111 In keycloak-http-client-install prior to versi...

Medium: libarchive

Issue Overview: libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16.CVE-2017-14503 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0...