Amazon Linux AMI : python27 (ALAS-2014-293)

Buffer overflow in the socket.recvfrominto function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. C Tenable Network Security, Inc. The descriptive text and package checks in...

Amazon Linux AMI : ruby19 (ALAS-2014-290)

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

Amazon Linux AMI : python26 (ALAS-2014-292)

Buffer overflow in the socket.recvfrominto function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. C Tenable Network Security, Inc. The descriptive text and package checks in...

Amazon Linux AMI : openldap (ALAS-2014-294)

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the session context while it is being used by...

Amazon Linux AMI : libyaml (ALAS-2014-291)

The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. C...

Amazon Linux AMI : augeas (ALAS-2014-286)

A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world-writable, allowing unprivileged local users to modify their content. CVE-2013-6412 C Tenable Network Security, Inc. The...

Amazon Linux AMI : openssl (ALAS-2014-273)

A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. CVE-2013-6449 It was discovered that the Datagr...

Amazon Linux AMI : pixman (ALAS-2014-272)

An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly,...

Amazon Linux AMI : varnish (ALAS-2014-276)

Varnish before 3.0.5 allows remote attackers to cause a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace characters and no URI. varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the...

Amazon Linux AMI : graphviz (ALAS-2014-284)

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...

Amazon Linux AMI : graphviz-php (ALAS-2014-285)

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AM...

Amazon Linux AMI : puppet (ALAS-2014-288)

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise PE before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-283)

An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...

Amazon Linux AMI : nss (ALAS-2014-274)

It was found that a subordinate Certificate Authority CA mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : openjpeg (ALAS-2014-271)

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

Amazon Linux AMI : munin (ALAS-2014-275)

The getgrouptree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service infinite loop and memory consumption in the munin-html process via crafted multigraph data. Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cau...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-280)

An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...

Amazon Linux AMI : libXfont (ALAS-2014-282)

A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. CVE-2013-6462 C Tenable Network Security,...

Amazon Linux AMI : quagga (ALAS-2014-279)

The bgpattrunknown function in bgpattr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service bgpd crash via a crafted BGP update. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Amazon Linux AMI : gnupg (ALAS-2014-278)

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...