Amazon Linux AMI : freeradius (ALAS-2012-131)

A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods such as EAP-TLS, EAP-TTLS,...

Amazon Linux AMI : glibc (ALAS-2012-39)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code wi...

Amazon Linux AMI : python26 (ALAS-2012-80)

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an XML-RPC POST request that contains a smaller amount of data than specified...

Amazon Linux AMI : bind (ALAS-2012-124)

A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure...

Amazon Linux AMI : postgresql8 (ALAS-2012-129)

It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations XSLT. An unprivileged database user could use this flaw to read and...

Amazon Linux AMI : bind (ALAS-2012-146)

A flaw was found in the DNS64 implementation in BIND. If a remote attacker sent a specially crafted query to a named server, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default. CVE-2012-5688 C Tenable Network Security, Inc. The descriptive...

Amazon Linux AMI : kernel (ALAS-2012-34)

The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume. C Tenable Network Security, Inc. The descriptive text a...

Amazon Linux AMI : postgresql (ALAS-2011-12)

A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character one with the high bit set had no effect on the hash result, thus...

Amazon Linux AMI : openssh (ALAS-2012-99)

A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon sshd use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default...

Amazon Linux AMI : ghostscript (ALAS-2012-127)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library icclib. An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execu...

Amazon Linux AMI : puppet (ALAS-2012-53)

Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login. The changeuser method in the SUIDManager...

Amazon Linux AMI : mesa (ALAS-2013-198)

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs Mozilla Firefox does this, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

Amazon Linux AMI : mysql51 (ALAS-2012-141)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed below. - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.htmlAppendixMSQL April 2012 -...

Amazon Linux AMI : libexif (ALAS-2012-126)

Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user runnin...

Amazon Linux AMI : nginx (ALAS-2011-30)

Heap-based buffer overflow in compression-pointer processing in core/ngxresolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service daemon crash or possibly have unspecified other impact via a long response. C Tenable Network Security, Inc. The descriptive text and...

Amazon Linux AMI : kernel (ALAS-2012-122)

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCMCREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to 1 Avahi or 2 NetworkManager. C Tenable Network Security...

Amazon Linux AMI : socat (ALAS-2012-87)

Heap-based buffer overflow in the xioscanreadline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

Amazon Linux AMI : curl (ALAS-2013-210)

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. C Tenable Network Security, Inc. The descriptive text and package checks ...

Medium: mysql51

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Affected Packages: mysql51 Issue Correction: Run yum update mysql51 or yum update --advisory ALAS-2013-152 to update your system. New Packages: i686: mysql51-5.1.67-1.60.amzn1.i686 ...

Important: nss

Issue Overview: It was found that a Certificate Authority CA mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL,...