Amazon Linux AMI : openssl (ALAS-2012-38)

It was discovered that the Datagram Transport Layer Security DTLS protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding...

Amazon Linux AMI : nvidia (ALAS-2012-67)

The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-43)

It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine JVM, or bypass Java sandbox restrictions. CVE-2012-0497 It...

Amazon Linux AMI : ca-certificates (ALAS-2011-03)

This update includes the latest updates to the root Certificate Authority list from Mozilla. It was found that a Certificate Authority CA issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed ...

Amazon Linux AMI : openswan (ALAS-2011-18)

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon. This issue only affected SMP symmetric multiprocessing systems that have the cryptograph...

Amazon Linux AMI : dbus (ALAS-2012-128)

It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the...

Amazon Linux AMI : puppet (ALAS-2013-213)

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : postgresql (ALAS-2011-12)

A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character one with the high bit set had no effect on the hash result, thus...

Amazon Linux AMI : libxml2 (ALAS-2012-143)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

Amazon Linux AMI : rpm (ALAS-2012-61)

Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library such as the rpm command line tool, ...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)

Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2013-1486 , CVE-2013-1484 An improper permission check issue was discovered in the...

Amazon Linux AMI : gdb (ALAS-2013-159)

GDB tried to auto-load certain files such as GDB scripts, Python scripts, and a thread debugging library from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted...

Amazon Linux AMI : nss (ALAS-2013-149)

It was found that a Certificate Authority CA mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code...

Amazon Linux AMI : bind (ALAS-2012-138)

A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. CVE-2012-5166 C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)

Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089 Multiple improper permission check issues...

Amazon Linux AMI : xorg-x11-server (ALAS-2012-104)

A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. CVE-2011-4028 A race condition was found in the way the...

Amazon Linux AMI : ruby19 (ALAS-2013-195)

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack. C Tenable Network Security, Inc. The descriptive text and package...

Amazon Linux AMI : tomcat6 (ALAS-2013-196)

The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on a tomcat5-initd.log, b...

Amazon Linux AMI : fetchmail (ALAS-2012-132)

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to 1 cause a denial of service crash and delayed delivery of inbound mail via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or 2 obtain sensitive informati...