Amazon Linux AMI : php56 (ALAS-2015-511)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or pgselect could...

Amazon Linux AMI : php55 (ALAS-2015-510)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or pgselect could...

Amazon Linux AMI : php54 (ALAS-2015-509)

A buffer overflow vulnerability was found in PHP's phar PHP Archive implementation. See https://bugs.php.net/bug.php?id=69324 for more details. CVE-2015-2783 A use-after-free flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly use this flaw to...

Amazon Linux AMI : python-botocore (ALAS-2015-512)

A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Amazon Linux AMI : php54 (ALAS-2015-506)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer overflow flaw,...

Amazon Linux AMI : postgresql8 (ALAS-2015-503)

An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the...

Amazon Linux AMI : flac (ALAS-2015-505)

A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. CVE-2014-9028 A buffer over-read flaw was found...

Amazon Linux AMI : php56 (ALAS-2015-508)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer overflow flaw,...

Amazon Linux AMI : unzip (ALAS-2015-504)

A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. CVE-2014-9636 A buffer overflow flaw was found in the way...

Amazon Linux AMI : php55 (ALAS-2015-507)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2015-0231 An integer overflow flaw,...

Amazon Linux AMI : pigz (ALAS-2015-499)

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a 1 full pathname or 2 .. dot dot in an archive. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security...

Amazon Linux AMI : gpgme (ALAS-2015-500)

Multiple heap-based buffer overflows in the statushandler function in 1 engine-gpgsm.c and 2 engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to 'different line lengths in a specific order.' C...

Amazon Linux AMI : freetype (ALAS-2015-502)

Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially,...

Amazon Linux AMI : 389-ds-base (ALAS-2015-501)

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

Amazon Linux AMI : openssl (ALAS-2015-498)

A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially crafted certificate was imported. CVE-2015-0209 A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A...

Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)

A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the...

Amazon Linux AMI : glibc (ALAS-2015-495)

An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. CVE-2014-6040 It was found that the file...

Amazon Linux AMI : file (ALAS-2015-497)

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVE-2014-9620 The ELF parser readelf.c in file before 5.21 allows remote attackers to cause a denial of service CPU consumption or crash via a large number of 1 program or 2...

Amazon Linux AMI : bind (ALAS-2015-490)

A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon named to crash under certain conditions. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI...

Amazon Linux AMI : kernel (ALAS-2015-491)

It was reported that stack address is not properly randomized on some 64 bit architectures due to an integer overflow. The stack entropy of the processes is reduced by four. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...