Amazon Linux 2 : dhcp (ALAS-2018-963)

Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file...

Amazon Linux 2 : glibc (ALAS-2018-992)

Integer overflow in malloc functions : The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that i...

Amazon Linux 2 : bind (ALAS-2018-954)

Improper fetch cleanup sequencing in the resolver can cause named to crash A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acti...

Amazon Linux AMI : nvidia (ALAS-2018-991)

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. CVE-2018-6247 NVIDIA Windows GPU Display Driver contains a vulnerability ...

Amazon Linux AMI : python-paramiko (ALAS-2018-989)

Authentication bypass in transport.py transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed...

Amazon Linux AMI : libvorbis (ALAS-2018-981)

Vorbis audio processing out of bounds write : An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code. CVE-2018-5146 C Tenable Network Security, Inc. The...

Amazon Linux AMI : ruby20 / ruby22,ruby23,ruby24 (ALAS-2018-983)

Path traversal when writing to a symlinked basedir outside of the root RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal...

Amazon Linux AMI : mailman (ALAS-2018-985)

Cross-site scripting XSS vulnerability in web UI A cross-site scripting XSS flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. CVE-2018-5950 CSRF...

Amazon Linux AMI : 389-ds-base (ALAS-2018-980)

Authentication bypass due to lack of size check in slapictmemcmp function in chmalloc.c : It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypa...

Amazon Linux AMI : postgresql93 / postgresql94,postgresql95,postgresql96 (ALAS-2018-990)

Uncontrolled search path element in pgdump and other client applications A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database...

Amazon Linux AMI : dhcp (ALAS-2018-984)

Buffer overflow in dhclient possibly allowing code execution triggered by malicious server An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client...

Medium: mailman

Issue Overview: Cross-site scripting XSS vulnerability in web UI A cross-site scripting XSS flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions...

Low: zsh

Issue Overview: NULL dereference in cd in sh compatibility mode under given circumstances In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 Null-pointer...

Important: dhcp

Issue Overview: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running...

Amazon Linux AMI : php71 (ALAS-2018-982)

Stack-based buffer under-read in ext/standard/httpfopenwrapper.c:phpstreamurlwraphttpex function when parsing HTTP response allows denial of service : In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing ...

Amazon Linux AMI : clamav (ALAS-2018-976)

Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file. CVE-2017-6419...

Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2018-972)

Late application of security constraints can lead to resource exposure for unauthorised users : Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and...

Amazon Linux AMI : golang (ALAS-2018-975)

Arbitrary code execution during 'go get' via C compiler options : An arbitrary command execution flaw was found in the way Go's 'go get' command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to...

Amazon Linux AMI : ruby24 / ruby22,ruby23 (ALAS-2018-978)

Unsafe object deserialization through YAML formatted gem specifications : A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code ...

Amazon Linux AMI : tomcat80 (ALAS-2018-973)

Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration : As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not...