Important: xorg-x11-server
Issue Overview: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems...
Medium: rust
Issue Overview: Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the...
Medium: libtiff
Issue Overview: A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy function within the TIFFReadDirectory in tifdirread.c. This flaw allows an attacker to exploit this vulnerability via a crafted TIFF file, causing a crash and leading to a denial of service...
Important: openvpn
Issue Overview: OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. CVE-2020-15078 Affected Packages: openvpn...
Medium: cloud-init
Issue Overview: A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. CVE-2021-3429 Affected Packages:...
Medium: e2fsprogs
Issue Overview: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability...
Low: poppler
Issue Overview: A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service...
Medium: freeradius
Issue Overview: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the...
Medium: chrony
Issue Overview: A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name...
Medium: polkit
Issue Overview: A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. CVE-2018-19788 Affected Packages: polkit Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section f...
Medium: sssd
Issue Overview: A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access. CVE-2018-16838 A vulnerability was found in sss...
Medium: golang
Issue Overview: Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. CVE-2019-6486 Note: This CVE is also fixed in golang-1.11.3-2.amzn2.0.2 in the golang1.11 extras repository...
Medium: python3
Issue Overview: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data...
Medium: wpa_supplicant
Issue Overview: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover...
Important: qemu-kvm
Issue Overview: A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process...
Important: git
Issue Overview: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. CVE-2018-11233 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16...
Medium: postgresql96
Issue Overview: The pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords...
Medium: postgresql94, postgresql95
Issue Overview: pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords fro...
Medium: glibc
Issue Overview: Unbounded stack allocation in catopen function: A stack-based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. CVE-2015-8779 Integer overflow in hcreate...
Medium: util-linux
Issue Overview: Sending SIGKILL to other processes with root privileges via su: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. CVE-2017-26...
Medium: poppler
Issue Overview: A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when opened. Affected Packages: poppler Issue Correction: Run yum update poppler o...
Low: xfsprogs
Issue Overview: It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contai...
Important: ganglia
Issue Overview: Ganglia-web auth can be bypassed using boolean serialization CVE-2015-6816. Affected Packages: ganglia Issue Correction: Run yum update ganglia or yum update --advisory ALAS-2015-612 to update your system. New Packages: i686: ganglia-gmetad-3.7.2-2.19.amzn1.i686 ...
Low: gnupg2
Issue Overview: It was reported (https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html) that gnupg2 keyring DB code did not reject packets which don't belong in a keyring, which may lead to an invalid read of sizeof int. Affected Packages: gnupg2...
Critical: bind
Issue Overview: As reported upstream (https://kb.isc.org/article/AA-01272/0), an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit...
Medium: 389-ds-base
Issue Overview: It was reported (https://fedorahosted.org/389/ticket/48194) that the nsSSL3Ciphers preference is not enforced server side, which allows for a potential downgrade attack to take place. Affected Packages: 389-ds-base Issue Correction: Run yum update 389-ds-base or yum update --advisory...
Important: flac
Issue Overview: A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. CVE-2014-9028 A buffer over-rea...
Medium: graphviz-php
Issue Overview: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Affected Packages: graphviz-php Issue...
Medium: libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel
Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws t...
Medium: libXtst
Issue Overview: Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. Affected Packages: libXtst Issue Correction: Run yum update libXtst or yum update --adviso...
Important: axis
Issue Overview: It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. CVE-2014-3596 Affected Packages: axis Issu...
Low: exim
Issue Overview: expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Affected Packages: exim Issue Correction: Run yum update exim or yum update --advisory ALAS-2014-395 to updat...
Important: libmicrohttpd
Issue Overview: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an...
Medium: cyrus-sasl
Issue Overview: Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt o...
Medium: graphviz-php
Issue Overview: Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list." Stack-based buffer overflow in the yyerror function in...
Important: openssl
Issue Overview: Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO...
Medium: wireshark
Issue Overview: Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could...
Medium: libpng
Issue Overview: A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with t...
Medium: cvs
Issue Overview: A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client...
Medium: perl
Issue Overview: A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user...
Medium: openjpeg2
Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
Medium: curl
Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...
Important: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...
Medium: golist
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Medium: golang
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
Medium: kernel
Issue Overview: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions ...
Low: grub2
Issue Overview: A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporar...
Medium: ncurses
Issue Overview: ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/libtermcap.c. CVE-2023-45918 Affected Packages: ncurses Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
Medium: jsoup
Issue Overview: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
Medium: nss-softokn
Issue Overview: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121. CVE-2023-6135 Affected Packages: nss-softokn Note: This advisory is applicable...