Amazon Linux AMI : glibc (ALAS-2012-109)

Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFYSOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. C...

Amazon Linux AMI : openssl (ALAS-2012-72)

Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 Abstract Syntax Notation One data from BIO OpenSSL's I/O abstraction inputs. Specially crafted DER Distinguished Encoding Rules encoded data read from a file or other BIO input could cause...

Amazon Linux AMI : mesa (ALAS-2013-198)

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs Mozilla Firefox does this, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

Amazon Linux AMI : mysql55 (ALAS-2013-187)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found in the References section. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2013-18...

Amazon Linux AMI : glibc (ALAS-2012-120)

Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation strtod, strtof, and strtold. If an application used such a function on attacker controlled input, it could cause the application to crash o...

Amazon Linux AMI : python27 (ALAS-2012-81)

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of data than specified...

Amazon Linux AMI : nginx (ALAS-2011-30)

Heap-based buffer overflow in compression-pointer processing in core/ngxresolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service daemon crash or possibly have unspecified other impact via a long response. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : kernel (ALAS-2012-55)

A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. CVE-2011-4077 ,...

Amazon Linux AMI : nagios (ALAS-2012-50)

Multiple cross-site scripting XSS vulnerabilities in config.c in config.cgi in 1 Nagios 3.2.3 and 2 Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an a command action or a b hosts action. C Tenable Network Security,...

Amazon Linux AMI : kernel (ALAS-2011-16)

The skbgroheaderslow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload GRO is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service system crash via crafted network traffic. Race...

Amazon Linux AMI : libtiff (ALAS-2012-106)

libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code...

Amazon Linux AMI : kernel / nvidia (ALAS-2013-154)

The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service guest crash by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. C Tenable Network...

Amazon Linux AMI : php-ZendFramework (ALAS-2013-153)

The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...

Amazon Linux AMI : python26 (ALAS-2012-80)

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of data than specified...

Amazon Linux AMI : nss (ALAS-2012-108)

A flaw was found in the way the ASN.1 Abstract Syntax Notation One decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially crafted...

Amazon Linux AMI : freeradius (ALAS-2012-131)

A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods such as EAP-TLS, EAP-TTLS,...

Amazon Linux AMI : bind (ALAS-2012-124)

A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure...

Amazon Linux AMI : openswan (ALAS-2013-192)

A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled 'oe=yes' in '/etc/ipsec.conf' and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records such as by sending an email tha...

Amazon Linux AMI : mysql51 (ALAS-2012-92)

A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted aft...

Amazon Linux AMI : php (ALAS-2012-41)

It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. C Tenable Network Security, Inc. The descriptive text and package...