Amazon Linux AMI : httpd (ALAS-2012-46)

It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-168)

An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. CVE-2013-0809 It was...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-183)

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384 Multiple improper permission check issues were...

Amazon Linux AMI : rsyslog (ALAS-2012-105)

A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if the...

Amazon Linux AMI : gnutls (ALAS-2013-197)

It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. CVE-2013-2116 C...

Amazon Linux AMI : krb5 (ALAS-2012-114)

An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests AS-REQ. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. CVE-2012-1015 A NULL pointer dereference flaw was found in th...

Amazon Linux AMI : kernel (ALAS-2012-133)

An integer overflow flaw was found in the i915gemdoexecbuffer function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. CVE-2012-2384 , Moderate A memory leak flaw was found in the w...

Amazon Linux AMI : munin (ALAS-2012-130)

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart plugin. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-88)

Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711 , CVE-2012-1719 It was discovered that the...

Amazon Linux AMI : nginx (ALAS-2012-63)

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. C Tenable Network Security, Inc. The descriptive text and package checks...

Amazon Linux AMI : cups (ALAS-2013-170)

It was discovered that CUPS administrative users members of the SystemGroups groups who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the...

Amazon Linux AMI : ghostscript (ALAS-2012-127)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library icclib. An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execu...

Amazon Linux AMI : libxml2 (ALAS-2012-36)

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrar...

Amazon Linux AMI : openldap (ALAS-2012-101)

A denial of service flaw was found in the way the OpenLDAP server daemon slapd processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially crafted LDAP search query that, when processed by slapd, would cause slapd...

Amazon Linux AMI : mysql51 (ALAS-2013-186)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2013-18...

Amazon Linux AMI : nginx (ALAS-2013-189)

http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-119)

It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. CVE-2012-1682 A hardening fix was applied to the...

Amazon Linux AMI : glibc (ALAS-2012-39)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code wi...

Amazon Linux AMI : php54 (ALAS-2013-206)

Heap-based buffer overflow in the phpquotprintencode function in ext/standard/quotprint.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted argument to the quotedprintableenco...

Amazon Linux AMI : httpd (ALAS-2013-193)

Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...