8699 matches found
Medium: samba
Issue Overview: A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfil the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control th...
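The Samba entry above describes a length field that was trusted without checking how much data had actually arrived. The Go program below is an added illustration of that bug class, not Samba's code and not the SMB1 wire format: it assumes a made-up two-byte little-endian length header and a reusable receive buffer, and shows the unchecked path handing back stale bytes left over from an earlier request (server memory written out as if it were client data) while the checked path refuses the short write.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical wire format for this illustration only (not the SMB1 layout):
// uint16 little-endian DataLength, followed by DataLength bytes of payload.
const headerLen = 2

// recvBuf models a server's reusable receive buffer. Bytes from an earlier,
// larger request remain in it after a smaller request has been read into it.
var recvBuf [64]byte

// receive copies one request into the reusable buffer and returns how many
// bytes actually arrived, as a read() on the socket would.
func receive(req []byte) int {
	return copy(recvBuf[:], req)
}

// writeDataUnchecked trusts the client's DataLength field and slices the
// buffer by it. If the client sent fewer bytes than it claimed, the slice
// carries stale bytes from the previous request: memory contents rather
// than client-supplied data end up in the file.
func writeDataUnchecked() []byte {
	claimed := int(binary.LittleEndian.Uint16(recvBuf[:headerLen]))
	return recvBuf[headerLen : headerLen+claimed]
}

var errShortWrite = errors.New("write request claims more data than was received")

// writeDataChecked only hands out bytes that were actually received.
func writeDataChecked(received int) ([]byte, error) {
	if received < headerLen {
		return nil, errShortWrite
	}
	claimed := int(binary.LittleEndian.Uint16(recvBuf[:headerLen]))
	if claimed > received-headerLen {
		return nil, errShortWrite
	}
	return recvBuf[headerLen : headerLen+claimed], nil
}

// buildRequest assembles a request that claims `claimed` bytes but carries
// whatever payload it is given; the two need not agree.
func buildRequest(claimed uint16, payload []byte) []byte {
	req := make([]byte, headerLen+len(payload))
	binary.LittleEndian.PutUint16(req, claimed)
	copy(req[headerLen:], payload)
	return req
}

// Demo returns what the unchecked path would write when a truncated request
// follows a legitimate one (the stale tail of the earlier request), and the
// error the checked path returns for the same truncated request.
func Demo() (leaked []byte, checkedErr error) {
	// A legitimate request leaves a constructed secret-looking payload behind.
	first := buildRequest(16, []byte("SECRET-KEY-MATER"))
	writeDataChecked(receive(first))
	// A truncated request: claims 16 bytes but only 4 arrive.
	second := buildRequest(16, []byte("abcd"))
	n := receive(second)
	leaked = append([]byte(nil), writeDataUnchecked()...)
	_, checkedErr = writeDataChecked(n)
	return leaked, checkedErr
}

func main() {
	leaked, err := Demo()
	fmt.Printf("unchecked path writes: %q\n", leaked)
	fmt.Printf("checked path: %v\n", err)
}
```

The check that matters is `claimed > received-headerLen`: it compares the client's claim against the byte count the transport actually delivered, never against the buffer's capacity, which is the comparison a parser is tempted to make when it only cares about avoiding an out-of-bounds access.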
Medium: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...
Medium: ImageMagick
Issue Overview: Stack overflow when parsing a malicious TIFF image. CVE-2023-3195 The upstream bug report describes this issue as follows: "A vulnerability was found in ImageMagick =7.1.1, where heap-based buffer overflow was found in coders/tiff.c." CVE-2023-3428 Affected Packages: ImageMagick Issu...
Important: python-pillow
Issue Overview: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. CVE-2021-23437 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
Medium: squashfs-tools
Issue Overview: Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. CVE-2015-4645 (1) unsquash-1.c, (2) unsquash-2.c, (3)...
Medium: libfastjson
Issue Overview: A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-127...
Important: thunderbird
Issue Overview: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted messa...
Important: samba
Issue Overview: It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it provides from tampering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a...
Important: git
Issue Overview: Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and targ...
Medium: glibc
Issue Overview: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match...
Low: vim
Issue Overview: A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim. CVE-2022-2257 A heap buffer overflow vulnerability was found in Vim's inc...
Medium: java-17-amazon-corretto
Issue Overview: Title: Wider MultiByte conversions. Buffer overflow is possible due to an incorrect byte count (should be a character count). CVE-2022-21618 Title: Improve NTLM support. writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...
Important: postgresql
Issue Overview: A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
Important: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...
Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...
Important: rsyslog
Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...
Medium: openldap
Issue Overview: A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. CVE-2020-25709 A flaw was found in OpenLDAP...
Important: postgresql-jdbc
Issue Overview: A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability. CVE-2020-13692 Affected Packages: postgresql-jdbc Issu...
Important: nettle
Issue Overview: A flaw was found in Nettle, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an...
Medium: vim
Issue Overview: A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS...
Medium: golang
Issue Overview: Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVE-2020-28362 Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. CVE-2020-28366 Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. CVE-2020-28367 Affected Packages: golang Issue...
Medium: tomcat8
Issue Overview: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...
Medium: golang
Issue Overview: Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. CVE-2020-24553 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for...
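The golang entry above (CVE-2020-24553) turns on what happens when a handler emits user-controlled bytes without declaring a Content-Type. The Go program below is an added example, not code from Go or from the advisory: it uses a constructed script-tag payload and net/http/httptest, and shows that net/http's own content sniffing labels such a response text/html (the same outcome as a text/html default), whereas declaring text/plain and sending X-Content-Type-Options: nosniff keeps the browser from treating it as markup.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed attacker-controlled input, e.g. a query parameter echoed back.
const UserInput = "<script>alert(document.cookie)</script>"

// EchoUnsafe writes user-controlled bytes with no Content-Type. net/http then
// sniffs the body with http.DetectContentType and, for this input, labels it
// text/html, so a browser would execute the script.
func EchoUnsafe(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, UserInput)
}

// EchoSafe declares the type explicitly and forbids client-side sniffing.
func EchoSafe(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	fmt.Fprint(w, UserInput)
}

// ServeAndReport runs a handler against an in-memory request and returns the
// Content-Type the client would see in the response.
func ServeAndReport(h http.HandlerFunc) string {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/echo", nil)
	h.ServeHTTP(rec, req)
	return rec.Result().Header.Get("Content-Type")
}

func main() {
	fmt.Println("sniffed type:", http.DetectContentType([]byte(UserInput)))
	fmt.Println("unsafe handler:", ServeAndReport(EchoUnsafe))
	fmt.Println("safe handler:  ", ServeAndReport(EchoSafe))
}
```

The lesson generalizes past CGI/FCGI: any code path that reflects untrusted bytes must set the Content-Type itself, because whatever fills in the blank (a library default or a sniffer) decides on the attacker's behalf.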
Medium: bluez
Issue Overview: Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVE-2020-0556 Affected Packages: bluez Note: This advisory is applicable to Amazon Linux 2 A...
Medium: qt5-qtbase
Issue Overview: 2023-08-03: CVE-2020-24742 was added to this advisory. Files placed by attacker can influence the working directory and lead to malicious code execution CVE-2020-0569 Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to...
Medium: golang
Issue Overview: Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. CVE-2020-15586 Affected Packages: golang Note: This advisory is...
Medium: lftp
Issue Overview: It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled...
Medium: libexif
Issue Overview: An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. CVE-2020-13112 Affected Packages: libexif Note: This advisory is applicable to Amazon Linu...
Medium: binutils
Issue Overview: An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,...
Medium: dhcp
Issue Overview: There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing an...
Low: unzip
Issue Overview: Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. CVE-2018-18384 Affected Packages: unzip Note: This advisory is...
Medium: golang
Issue Overview: It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server...
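The golang entry above is about two parsers disagreeing on one request: a header line such as `Content-Length : 5` (space before the colon) that one hop treats as Content-Length and the next hop does not. The Go program below is an added example, not Go's net/textproto and not the advisory's code: it assumes a constructed request and implements both behaviours, a lenient parser that trims the name (the pre-fix interpretation) and a strict one that rejects the line, so that a request with conflicting framing never reaches the point where the two hops can disagree.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// RawRequest is a constructed request whose Content-Length line carries a
// space before the colon and which also declares Transfer-Encoding: chunked.
const RawRequest = "POST /upload HTTP/1.1\r\n" +
	"Host: example.test\r\n" +
	"Content-Length : 5\r\n" +
	"Transfer-Encoding: chunked\r\n" +
	"\r\n"

var ErrBadHeader = errors.New("malformed header: whitespace before colon")

// ParseHeadersLenient trims the header name, so "Content-Length : 5" becomes
// Content-Length. A proxy or firewall in front or behind that instead treats
// the line as unknown sees a request framed only by Transfer-Encoding, which
// is exactly the disagreement request smuggling exploits.
func ParseHeadersLenient(raw string) (map[string]string, error) {
	return parseHeaders(raw, true)
}

// ParseHeadersStrict rejects any header name with trailing whitespace, so the
// ambiguous request is refused instead of being interpreted.
func ParseHeadersStrict(raw string) (map[string]string, error) {
	return parseHeaders(raw, false)
}

func parseHeaders(raw string, lenient bool) (map[string]string, error) {
	sc := bufio.NewScanner(strings.NewReader(raw))
	hdrs := map[string]string{}
	sc.Scan() // request line; not needed for this illustration
	for sc.Scan() {
		line := sc.Text()
		if line == "" { // blank line ends the header block
			break
		}
		i := strings.IndexByte(line, ':')
		if i < 0 {
			return nil, errors.New("malformed header: no colon")
		}
		name, value := line[:i], strings.TrimSpace(line[i+1:])
		trimmed := strings.TrimRight(name, " \t")
		if trimmed != name {
			if !lenient {
				return nil, ErrBadHeader
			}
			name = trimmed
		}
		hdrs[strings.ToLower(name)] = value
	}
	return hdrs, sc.Err()
}

func main() {
	if h, err := ParseHeadersLenient(RawRequest); err == nil {
		fmt.Printf("lenient: content-length=%q transfer-encoding=%q\n",
			h["content-length"], h["transfer-encoding"])
	}
	if _, err := ParseHeadersStrict(RawRequest); err != nil {
		fmt.Println("strict:", err)
	}
}
```

When auditing a front-end/back-end pair, feed the same malformed line through both and compare the resulting Content-Length and Transfer-Encoding views; any difference is a smuggling primitive, and the fix is to reject rather than normalize.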
Medium: libtiff
Issue Overview: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. CVE-2016-3186 An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could le...
Medium: kernel
Issue Overview: There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure. CVE-2019-1125 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2...
Important: bind
Issue Overview: A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as l...
Low: poppler
Issue Overview: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected. CVE-2018-10768 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in...
Important: systemd
Issue Overview: Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case. CVE-2018-16864 Large native messages to journald can cause stack corruption, leading to...
Critical: java-1.8.0-openjdk
Issue Overview: Unbounded memory allocation during deserialization in Container (AWT, 8189989) Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161...
Important: 389-ds-base
Issue Overview: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c: It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use th...
Important: mysql55, mysql56, mysql57
Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
Medium: dhcp
Issue Overview: OMAPI code doesn't free socket descriptors when an empty message is received, allowing denial of service. It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to...
Medium: collectd
Issue Overview: Double free in csnmp_read_table function in snmp.c: The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash or potentially have other impact. CVE-2017-16820 Affected...
Medium: postgresql92, postgresql93, postgresql94
Issue Overview: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. CVE-2017-12172 Invalid json_populate_recordset or jsonb_populate_recordset...
Important: mercurial
Issue Overview: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a...
Important: rpcbind
Issue Overview: It was found that due to the way rpcbind uses libtirpc/libntirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by...
Important: jasper
Issue Overview: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577,...
Medium: collectd
Issue Overview: Infinite loop due to incorrect interaction of parse_packet and parse_part_sign_sha256 functions: Collectd contains an infinite loop due to how the parse_packet and parse_part_sign_sha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty...
Medium: wireshark
Issue Overview: Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. Affected Packages: wireshark Issue Correction: Run yum update wireshark or yum update --advisory...
Medium: ghostscript
Issue Overview: It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list...
Medium: collectd
Issue Overview: A heap-based buffer overflow in the parse_packet function in network.c in collectd allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. Affected Packages: collectd Issue Correction: Run yum update collect...