Important: libtiff

Issue Overview: A flaw was found in libtiffs tiffcrop utility that has a uint32t underflow that can lead to an out-of-bounds read and write. This flaw allows an attacker who supplies a crafted file to tiffcrop to cause a crash or, in some cases, further exploitation. CVE-2022-2867 libtiff's...

Low: vim

Issue Overview: A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msgouttransspecial function. This flaw allows a specially crafted file to crash software or execute code when opened in vim. CVE-2022-2257 A heap buffer overflow vulnerability was found in Vim's inc...

Medium: krb5

Issue Overview: A flaw was found in krb5. MIT Kerberos 5 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit. CVE-2020-28196 Affected Packages: krb5 Note: This advisory is applicable to...

Important: varnish

Issue Overview: A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an...

Low: grub2

Issue Overview: A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted...

Important: gegl

Issue Overview: Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity. CVE-2021-45463 Affected Packages: ge...

Important: docker

Issue Overview: A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause...

Important: glib2

Issue Overview: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function gbytesnew has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. CVE-2021-27219 Affected...

Important: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this issue as: A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash...

Important: libldb

Issue Overview: A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...

Medium: git

Issue Overview: Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a...

Important: wpa_supplicant

Issue Overview: A flaw was found in the wpasupplicant, in the way it processes P2P Wi-Fi Direct provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpasupplicant process or potentially cause code...

Important: flatpak

Issue Overview: A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the flatpak run command that is used to launch the new sandbox instance. A malicious or compromised Flatp...

Medium: pacemaker

Issue Overview: An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the...

Medium: chrony

Issue Overview: A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name...

Medium: libsrtp

Issue Overview: Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service crash via vectors related to a length inconsistency in the cryptopolicysetfromprofileforrtp and srtpprotect functions. CVE-2013-2139 The encryption-processing featur...

Medium: curl

Issue Overview: command line arguments lead to local file overwrite CVE-2020-8177 Affected Packages: curl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

Medium: libarchive

Issue Overview: libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16.CVE-2017-14503 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards release v3.1.0...

Medium: libmspack

Issue Overview: In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.CVE-2018-18584 chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename...

Medium: 389-ds-base

Issue Overview: It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...

Medium: php-pear

Issue Overview: PEAR ArchiveTar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the ArchiveTar class. There are several file operations with $vheader'filename' as parameter such as fileexists, isfile, isdir, etc. When extract is called without a specific prefix path, we can...

Critical: thunderbird

Issue Overview: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 Crash with nested event loops CVE-2018-12392 Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12389 Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12393 Affected Packages:...

Low: libmspack

Issue Overview: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression.CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.CVE-2018-1468...

Important: git

Issue Overview: Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017.CVE-2018-19486 Affecte...

Low: krb5

Issue Overview: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a...

Medium: wget

Issue Overview: A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.CVE-2018-0494 Affected Packages: wget Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FA...

Important: bind

Issue Overview: A denial of service flaw was discovered in bind versions that include the "deny-answer-aliases" feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.CVE-2018-5740 Affected...

Important: curl

Issue Overview: Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command...

Medium: libvncserver

Issue Overview: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or...

Medium: golang

Issue Overview: Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points t...

Important: patch

Issue Overview: Malicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a...

Medium: glibc

Issue Overview: Integer overflow in malloc functions: The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a hea...

Important: dhcp

Issue Overview: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running...

Medium: openvpn

Issue Overview: OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. CVE-2017-12166 Affected Packages: openvpn Issue Correction: Run yum update openvpn or yum update --advisory...

Important: bind

Issue Overview: Security Fixes: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG0 signature for a dynam...

Medium: openldap

Issue Overview: A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. Affected Packages: openldap Issue Correction: Run yum update openldap or yum update --advisory ALAS-2017-799 to updat...

Important: cloud-init

Issue Overview: It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AM...

Medium: postgresql8

Issue Overview: A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. CVE-2015-3165 It was discovered that PostgreSQ...

Medium: bind

Issue Overview: A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon named to crash under certain conditions. Affected Packages: bind Issue Correction: Run yum update bind or yum update --advisory ALAS-2015-490 to update...

Medium: elfutils

Issue Overview: Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed compressed debug...

Important: libXfont

Issue Overview: A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. CVE-2013-6462 Affected...

Low: python-crypto

Issue Overview: The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator PRNG before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race...

Important: 389-ds-base

Issue Overview: ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service server crash via a crafted Distinguished Name DN in a MOD operation request. 389 Directory Server does not properly restrict access to entity attributes, which allows remote...

Medium: puppet

Issue Overview: Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can on...

Important: ruby

Issue Overview: Ruby aka CRuby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...

Medium: perl-libwww-perl

Issue Overview: The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method CVE-2024-49860 In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API busregister CVE-2024-50055 Affecte...

Important: unbound

Issue Overview: An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. CVE-2024-33655 Affected Packages: unbound Issue Correction: Run yum update unbound or yum update...

Important: rust

Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitrevparsesingle can cause the function to enter an infinite loop, potentially...

Important: xorg-x11-server

Issue Overview: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 CVE-2023-6816 Reattaching to different master device...