Medium: gnupg2

Issue Overview: A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control. CVE-2022-34903 Affected Packages: gnupg2 Issue Correction: Run yum update gnupg...

Important: clamav

Issue Overview: On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions...

Low: 389-ds-base

Issue Overview: A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successf ully match during authentication. This flaw allows an attacker to successfully authenticate as a user whos...

Medium: rust

Issue Overview: A race condition flaw was found in Rust's std::fs::removedirall function. Rust applications that use this function may be vulnerable to a race condition where an unprivileged attacker can trick the application into deleting files and directories, causing an impact on system data...

Medium: libtiff

Issue Overview: A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy function within the TIFFReadDirectory in tifdirread.c. This flaw allows an attacker to exploit this vulnerability via a crafted TIFF file, causing a crash and leading to a denial of service...

Medium: docker

Issue Overview: A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/, leading to possible privilege escalation to the root user in the host. The highest threat from this vulnerability is to data integrity...

Medium: docker

Issue Overview: Docker Engine before 18.09 allows attackers to cause a denial of service dockerd memory consumption via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. CVE-2018-20699 A command injectio...

Important: thunderbird

Issue Overview: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

Important: ca-certificates

Issue Overview: Update of ca-certificates to version 2021.2.50-72.amzn2.0.1 addresses the expiring IdentTrust DST Root CA X3, which affected some Let's Encrypt TLS certificates. The effect of the expiring certificate would be an inability of OpenSSL to validate impacted certificates issued by Let...

Medium: php-pear

Issue Overview: In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. CVE-2021-32610 Affected Packages: php-pear Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section fo...

Medium: wpa_supplicant

Issue Overview: In p2pcopyclientinfo of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed f...

Low: screen

Issue Overview: A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-269...

Important: xorg-x11-server

Issue Overview: A flaw was found in the way the Xserver memory was not properly initialized. This issue leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this flaw results in a possible ASLR bypass. CVE-2020-14347 A flaw was found in the...

Medium: cloud-init

Issue Overview: The default cloud-init configuration included "sshdeletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one...

Medium: gd

Issue Overview: An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application,...

Low: exiv2

Issue Overview: An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format CRW images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory...

Medium: libcroco

Issue Overview: A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability...

Important: spice-gtk

Issue Overview: Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that...

Medium: zziplib

Issue Overview: It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory,...

Medium: bash

Issue Overview: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell. CVE-2019-9924 Affected Packages: bash Issue Correction: Run yum update bash or yum update --advisory ALAS-2020-13...

Important: libvncserver

Issue Overview: Integer Overflow or Wraparound leads to Heap-based Buffer Overflow CVE-2019-15690 Affected Packages: libvncserver Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

Medium: transfig

Issue Overview: readcolordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. CVE-2019-19797 makearrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. CVE-2019-19746 Affected Packages: transfi...

Important: libarchive

Issue Overview: archivereadformatrarreaddata in archivereadsupportformatrar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVEFAILED situation, related to Ppmd7DecodeSymbol. CVE-2019-18408 Affected Packages: libarchive Note: This advisory is applicable to Amazon Linux 2 AL2 Co...

Medium: fence-agents

Issue Overview: A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fencerhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying...

Critical: thunderbird

Issue Overview: When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even...

Critical: dnsmasq

Issue Overview: A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations...

Medium: 389-ds-base

Issue Overview: It was found that a specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service.CVE-2018-14648 Affected Packages: 389-ds-base Note: This advisory is applicable to...

Medium: kernel

Issue Overview: A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service.CVE-2018-12232...

Low: libvpx

Issue Overview: Denial of service DoS in vpx/src/vpximage.c file A vulnerability in the Android media framework libvpx related to odd frame width.CVE-2017-13194 Affected Packages: libvpx Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

Medium: krb5

Issue Overview: Authentication bypass by improper validation of certificate EKU and SAN An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to...

Medium: python35, python34

Issue Overview: CPython aka Python is vulnerable to an integer overflow in the PyStringDecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution CVE-2017-1000158 Affected Packages: python35, python34 Issue Correction: Run yum update...

Important: apr

Issue Overview: An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.CVE-2017-12613 Affected Packages: apr Issue Correction: Run yum update apr or yum update...

Important: wget

Issue Overview: Heap-based buffer overflow in HTTP protocol handling A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially...

Medium: git

Issue Overview: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The...

Important: nss

Issue Overview: Potential use-after-free in TLS 1.2 server when verifying client authentication: A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NS...

Medium: poppler

Issue Overview: Stack-buffer overflow in GfxState.cc: A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler such as Evince to crash, or potentially execute arbitrary code when opened...

Medium: libtommath, libtomcrypt

Issue Overview: possible OP-TEE Bleichenbacher attack: The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA...

Medium: golang

Issue Overview: Golang: Elliptic curves carry propagation issue in x86-64 P-256. A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could use this flaw to extract private keys when static ECDH is used. CVE-2017-8932 Affected Packages: golan...

Important: libtirpc

Issue Overview: Memory leak when failing to parse XDR strings or bytearrays It was found that due to the way rpcbind uses libtirpc libntirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to...

Medium: exim

Issue Overview: It was found that Exim leaked DKIM signing private keys to the "mainlog" log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys. Affected Packages: exim Issue Correction: Run yum update exim or yum update --adviso...

Low: perl-IPTables-Parse

Issue Overview: A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. Affected Packages:...

Medium: fuse

Issue Overview: It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system. Affected Packages: fuse Issue Correction: Run yum update fuse or yum upda...

Medium: perl-YAML-LibYAML

Issue Overview: An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. Affected Packages: perl-YAML-LibYAML Issue Correction: Run yum update...

Critical: docker

Issue Overview: Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive...

Low: automake19

Issue Overview: It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck"...

Medium: rsyslog

Issue Overview: A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of...

Medium: openssh

Issue Overview: A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon sshd use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by...

Medium: nvidia

Issue Overview: The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. Affected Packages: nvidia Issue Correction: Run yum update nvidia or yum update --advisory ALAS-2012-67 to update your system. New...

Important: gnutls

Issue Overview: A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. CVE-2012-1573 A boundary error was found in the gnutlssessiongetdata...

Medium: cyrus-imapd

Issue Overview: An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication...