Amazon Linux AMI : R (ALAS-2017-819)
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability...
Amazon Linux AMI : GraphicsMagick (ALAS-2017-820)
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. CVE-2017-6335 The WPG format reader in GraphicsMagick 1.3.2...
Amazon Linux AMI : munin (ALAS-2017-818)
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upperlimit GET parameters allows overwriting any file accessible to the www-data user. CVE-2017-6188 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Amazon Linux AMI : ntp (ALAS-2017-816)
Denial of Service via Malformed Config : A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. CVE-2017-6464 Potential Overflows in ctlput functions : A vulnerability was foun...
Amazon Linux AMI : cacti (ALAS-2017-817)
PHP Object Injection Vulnerabilities CVE-2014-4000
Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-822)
Incorrect handling of pipelined requests when send file was used A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost...
Amazon Linux AMI : kernel (ALAS-2017-814)
Possible double free in stcpsendmsg (incorrect fix for CVE-2017-5986) : It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service...
Amazon Linux AMI : gnutls (ALAS-2017-815)
A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. CVE-2016-8610...
Amazon Linux AMI : wireshark (ALAS-2017-813)
Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
Amazon Linux AMI : tomcat6 (ALAS-2017-810)
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...
Amazon Linux AMI : php70 (ALAS-2017-812)
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 In all versions of PHP 7, during the unserialization process, resizing the...
Amazon Linux AMI : vim (ALAS-2017-809)
An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. CVE-2017-6350 An integer overflow flaw was found in the way vim handled undo files. This bug could result in v...
Amazon Linux AMI : kernel (ALAS-2017-811)
The skbs processed by ip_cmsg_recv() are not guaranteed to be linear, e.g. when sending UDP packets over loopback with MSG_MORE. Using csum_partial() on potentially the whole skb len is dangerous; instead be on the safe side and use skb_checksum(). This may lead to an infoleak as the kernel memory may be...
Amazon Linux AMI : php56 (ALAS-2017-808)
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 The object_common1 function in ext/standard/var_unserializer.c in PHP before...
Amazon Linux AMI : openjpeg (ALAS-2017-807)
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163 A...
Amazon Linux AMI : curl (ALAS-2017-806)
libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. If there is any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. This flaw does not exist in the comman...
Amazon Linux AMI : python-crypto (ALAS-2017-801)
A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell.
Amazon Linux AMI : libtiff / compat-libtiff3 (ALAS-2017-802)
Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. CVE-2016-9533, CVE-2016-9534,...
Amazon Linux AMI : exim (ALAS-2017-804)
It was found that Exim leaked DKIM signing private keys to the 'mainlog' log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys.
Amazon Linux AMI : openssl (ALAS-2017-803)
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 A denial of service flaw was found in the way the TLS/SSL...