Amazon Linux 2 : php-pear (ALAS-2019-1159)
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with $v_header['filename'] as parameter, such as file_exists, is_file, is_dir, etc. When extract is called without a specific prefix path, we can trigger...
Amazon Linux 2 : libvncserver (ALAS-2019-1161)
LibVNC contains a heap out-of-bounds write vulnerability in the server code of the file transfer extension that can result in remote code execution. (CVE-2018-15127) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory...
Amazon Linux 2 : thunderbird (ALAS-2019-1157)
Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390). Crash with nested event loops (CVE-2018-12392). Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389). Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393). (C) Tenable Network Security, Inc. T...
Amazon Linux 2 : systemd (ALAS-2019-1160)
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate...
Low: setup
Issue Overview: Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell...
Critical: thunderbird
Issue Overview: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390). Crash with nested event loops (CVE-2018-12392). Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389). Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393). Affected Packages:...
Important: libvncserver
Issue Overview: LibVNC contains a heap out-of-bounds write vulnerability in the server code of the file transfer extension that can result in remote code execution. (CVE-2018-15127) Affected Packages: libvncserver. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for...
Important: systemd
Issue Overview: It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim'...
Amazon Linux AMI : docker (ALAS-2019-1156)
A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixe...
Amazon Linux AMI : libXcursor (ALAS-2019-1150)
_XcursorThemeInherits in library.c in libXcursor allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. (CVE-2015-9262) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI...
Amazon Linux AMI : curl (ALAS-2019-1151)
set_file_metadata in xattr.c in GNU Wget stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as...
Amazon Linux AMI : krb5 (ALAS-2018-1129)
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a 'linkdn' and 'containerdn' database argument, or by supplying a DN string which is a left extension of a container DN stri...
Amazon Linux 2 : kernel (ALAS-2019-1149)
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...
Amazon Linux AMI : samba (ALAS-2018-1126)
A NULL pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. (CVE-2018-1050) A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious...
Amazon Linux 2 : openssl (ALAS-2019-1153)
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. (CVE-2018-0734) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Amazon Linux 2 : libcdio (ALAS-2019-1151)
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS. (CVE-2017-18198) A double-free flaw was found in the wa...
Amazon Linux AMI : curl (ALAS-2019-1148)
A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct field within that...
Amazon Linux AMI : kernel (ALAS-2019-1149)
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...
Amazon Linux AMI : sssd (ALAS-2018-1127)
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. (CVE-2018-10852) (C) Tenable Network...
Amazon Linux 2 : jasper (ALAS-2019-1150)
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. (CVE-2016-9396) JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to...