Amazon Linux AMI : emacs (ALAS-2017-912)
Command injection flaw within 'enriched mode' handling : A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary...
Amazon Linux AMI : nss (ALAS-2017-911)
Potential use-after-free in TLS 1.2 server when verifying client authentication : A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or,...
Amazon Linux AMI : git (ALAS-2017-910)
The 'git' subcommand 'cvsserver' is a Perl script which makes excessive use of the backtick operator to invoke 'git'. Unfortunately user input is used within some of those invocations. It should be noted that 'git-cvsserver' will be invoked by 'git-shell' by default without further configuration...
Amazon Linux AMI : samba (ALAS-2017-909)
Server memory information leak over SMB1 : An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot...
Amazon Linux AMI : postgresql96 (ALAS-2017-908)
The pg_user_mappings view discloses passwords to users lacking server privileges : An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user...
Amazon Linux AMI : openssh (ALAS-2017-898)
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. CVE-2016-6210 It was found that OpenSSH did not limit...
Amazon Linux AMI : kernel (ALAS-2017-901)
A buffer overflow was discovered in the tpacket_rcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a...
Amazon Linux AMI : nagios (ALAS-2017-899)
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in...
Amazon Linux AMI : file (ALAS-2017-900)
An issue in file allowed an attacker to overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2017-900...
Amazon Linux AMI : dnsmasq (ALAS-2017-907)
Information leak in the DHCPv6 relay code : An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. CVE-2017-14494 Memor...
Amazon Linux AMI : 389-ds-base (ALAS-2017-905)
Password brute-force possible for locked account due to different return codes : A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts,...
Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-903)
1480618 : Vary header not added by CORS filter leading to cache poisoning The CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. CVE-2017-7674
Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)
SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP : A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session...
Amazon Linux AMI : cacti (ALAS-2017-904)
A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. CVE-2017-12927 The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user. CVE-2017-12978
Amazon Linux AMI : poppler (ALAS-2017-902)
Stack-buffer overflow in GfxState.cc : A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler such as Evince to crash, or potentially execute arbitrary code when opened. CVE-2017-9775 Integer...
Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret...
Amazon Linux AMI : xmlsec1 (ALAS-2017-890)
It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service. CVE-2017-1000061...
Amazon Linux AMI : nginx (ALAS-2017-894)
A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory b...
Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-895)
The default umask value is set to 022 to address a privilege escalation security vulnerability.
Amazon Linux AMI : GraphicsMagick (ALAS-2017-891)
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. CVE-2017-1000061