Amazon Linux AMI : bind (ALAS-2015-573)

As reported upstream, an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : usermode / libuser (ALAS-2015-572)

It was found that libuser, as used in the chfn userhelper functionality, does not properly filter out newline characters, which allows an authenticated local attacker to corrupt the /etc/passwd file and cause denial-of-service against the system. CVE-2015-3245 A flaw was found in the way the...

Amazon Linux AMI : openssh (ALAS-2015-568)

It was reported that when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh1 coupled with 'fail open' behavior in the X11 server...

Amazon Linux AMI : kernel (ALAS-2015-565)

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

Amazon Linux AMI : nss / nss-util (ALAS-2015-569) (Logjam)

A flaw was found in the way the TLS protocol composes the Diffie-Hellman DH key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. CVE-2015-4000 Please note that this update...

Amazon Linux AMI : bind (ALAS-2015-566)

A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND functioning as a DNS resolver with DNSSEC validation enabled resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. C Tenable Network Security, In...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2015-571) (Bar Mitzvah) (Logjam)

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733 A flaw wa...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2015-570) (Bar Mitzvah) (Logjam)

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2015-4760 , CVE-2015-2628 , CVE-2015-4731 , CVE-2015-2590 , CVE-2015-4732 , CVE-2015-4733 A flaw wa...

Amazon Linux AMI : 389-ds-base (ALAS-2015-567)

It was reported that nsSSL3Ciphers preference is not enforced server side, this allows for a potential downgrade attack to take place. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2015-567...

Medium: 389-ds-base

Issue Overview: It was reported https://fedorahosted.org/389/ticket/48194 that nsSSL3Ciphers preference is not enforced server side, this allows for a potential downgrade attack to take place. Affected Packages: 389-ds-base Issue Correction: Run yum update 389-ds-base or yum update --advisory...

Amazon Linux AMI : openssl (ALAS-2015-564)

During certificate verfification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

Amazon Linux AMI : php55 (ALAS-2015-562)

Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326. All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for...

Amazon Linux AMI : php56 (ALAS-2015-563)

Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326. All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for...

Critical: openssl

Issue Overview: During certificate verfification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain chec...

Amazon Linux AMI : php54 (ALAS-2015-561)

Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416. All PHP 5.4 users are encouraged to upgrade to this version. Please see the upstream release notes for...

Amazon Linux AMI : postgresql8 (ALAS-2015-556)

A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQL did not proper...

Amazon Linux AMI : php-ZendFramework (ALAS-2015-560)

Upstream reported a vulnerability in the Zend\Mail component in Zend Framework 2, specifically in how it handles headers. Headers are not correctly filtered for newlines, allowing the ability to send additional, unrelated headers and to bypass additional headers by emitting the header/body...

Amazon Linux AMI : fuse (ALAS-2015-558)

It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

Amazon Linux AMI : tcpdump (ALAS-2015-557)

Integer signedness error in the mobilityoptprint function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service out-of-bounds read and crash or possibly execute arbitrary code via a negative length value. CVE-2015-0261 The osiprintcksum function...

Amazon Linux AMI : cups (ALAS-2015-559)

A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the...