9341 matches found

Tenable Nessus
added 2019/09/20 12:0 a.m. | 36 views

Amazon Linux 2 : edk2 (ALAS-2019-1290)

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12182 Stack overflow in XHCI for EDK II may allow an unauthenticated user to...

9.8 CVSS | 6.6 AI score | 0.01338 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2019/09/20 12:0 a.m. | 46 views

Amazon Linux 2 : oniguruma (ALAS-2019-1288)

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8 CVSS | 8.1 AI score | 0.04047 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/09/20 12:0 a.m. | 39 views

Amazon Linux 2 : kernel (ALAS-2019-1280)

A buffer overflow due to a signed-unsigned comparison was found in hidp_process_report in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service. CVE-2018-93...

8.4 CVSS | 6.8 AI score | 0.00551 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/09/20 12:0 a.m. | 32 views

Amazon Linux 2 : kernel (ALAS-2019-1279)

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location ...

5.5 CVSS | 6.5 AI score | 0.00694 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2019/09/20 12:0 a.m. | 53 views

Amazon Linux 2 : kernel (ALAS-2019-1281)

NOTE: This ALAS is a duplicate of ALAS2-2019-1280. The CVEs listed here are fixed in the referenced ALAS. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory ALAS-2019-1281. include'compat.inc'; if descriptio...

8.4 CVSS | 6.6 AI score | 0.00551 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/09/20 12:0 a.m. | 43 views

Amazon Linux 2 : python (ALAS-2019-1291)

urllib in Python 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. CVE-2019-9948 (C) Tenable Network Security, Inc. The descriptiv...

9.1 CVSS | 7 AI score | 0.11844 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2019/09/20 12:0 a.m. | 29 views

Amazon Linux 2 : kernel (ALAS-2019-1278)

A flaw was found in the Linux kernel in the hid_debug_events_read function in the drivers/hid/hid-debug.c file. A lack of certain checks may allow a privileged user ('root') to achieve an out-of-bounds write and thus receiving user space buffer corruption. CVE-2018-9516 (C) Tenable Network Security,...

7.8 CVSS | 6.9 AI score | 0.00396 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/09/19 12:0 a.m. | 32 views

Amazon Linux AMI : perl-Archive-Tar (ALAS-2019-1287)

It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter. CVE-2018-12015...

7.5 CVSS | 6.5 AI score | 0.08207 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2019/09/19 12:0 a.m. | 48 views

Amazon Linux AMI : php71 / php72,php73 (ALAS-2019-1282)

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that the file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

7.5 CVSS | 6.9 AI score | 0.07151 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2019/09/19 12:0 a.m. | 60 views

Amazon Linux AMI : kernel (ALAS-2019-1280)

It was found that paravirt_patch_call/jump functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandle certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests. CVE-2018-15594 A buffer overflow due to a signed-unsigned...

8.4 CVSS | 6.8 AI score | 0.00551 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/09/19 12:0 a.m. | 42 views

Amazon Linux AMI : php72 (ALAS-2019-1284)

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...

7.1 CVSS | 6.4 AI score | 0.044 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2019/09/19 12:0 a.m. | 217 views

Amazon Linux AMI : php71 / php73 (ALAS-2019-1283)

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...

9.8 CVSS | 7.5 AI score | 0.044 EPSS
Exploits: 2 | References: 4

Tenable Nessus
added 2019/09/19 12:0 a.m. | 63 views

Amazon Linux AMI : kernel (ALAS-2019-1279)

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location ...

5.5 CVSS | 6.5 AI score | 0.00694 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2019/09/19 12:0 a.m. | 43 views

Amazon Linux AMI : kernel (ALAS-2019-1281)

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the...

7.8 CVSS | 6.5 AI score | 0.03916 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2019/09/19 12:0 a.m. | 29 views

Amazon Linux AMI : zsh (ALAS-2019-1285)

It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one. CVE-2018-13259 (C) Tenable Network...

9.8 CVSS | 7.3 AI score | 0.02723 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/09/19 12:0 a.m. | 42 views

Amazon Linux AMI : libjpeg-turbo (ALAS-2019-1286)

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. CVE-2016-3616 libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. CVE-2018-11813 An out-of-bounds rea...

8.8 CVSS | 6.6 AI score | 0.04898 EPSS
Exploits: 4 | References: 7

Amazon
added 2019/09/13 12:0 a.m. | 55 views

Medium: oniguruma

Issue Overview: A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, wit...

9.8 CVSS | 8.2 AI score | 0.04047 EPSS
Exploits: 0

Amazon
added 2019/09/13 12:0 a.m. | 33 views

Low: kernel

Issue Overview: A flaw was found in the Linux kernel in the hid_debug_events_read function in the drivers/hid/hid-debug.c file. A lack of certain checks may allow a privileged user ("root") to achieve an out-of-bounds write and thus receiving user space buffer corruption. CVE-2018-9516 Affected...

7.8 CVSS | 7.7 AI score | 0.00396 EPSS
Exploits: 0

Amazon
added 2019/09/13 12:0 a.m. | 55 views

Medium: kernel

Issue Overview: A buffer overflow due to a signed-unsigned comparison was found in hidp_process_report in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a...

8.4 CVSS | 6.8 AI score | 0.00551 EPSS
Exploits: 0

Amazon
added 2019/09/13 12:0 a.m. | 53 views

Medium: kernel

Issue Overview: NOTE: This ALAS is a duplicate of ALAS2-2019-1280. The CVEs listed here are fixed in the referenced ALAS. Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

8.4 CVSS | 7.2 AI score | 0.00551 EPSS
Exploits: 0