Important: spice

Issue Overview: Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.CVE-2019-3813 Affected Packages: spice Note: This...

Low: zziplib

Issue Overview: An improper input validation was found in function zzipfetchdisktrailer of ZZIPlib, up to 0.13.68, that could lead to a crash in zzipparserootdirectory function of zzip/ip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip...

Important: plexus-archiver

Issue Overview: A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with...

Low: xdg-user-dirs

Issue Overview: It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user's files being inadvertently exposed to other local users.CVE-2017-15131 Affected Packages: xdg-user-dirs Note: This advisory is...

Medium: qt5-qt3d

Issue Overview: An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. CVE-2024-48423 A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oombfqq CVE-2022-49179 In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev CVE-2022-49390 In the Linux kernel, the following vulnerability has...

Important: ghostscript

Issue Overview: Potential integer and buffer overflow with DollarBlend during serializing a multiple master font for passing to Freetype. Fixed by changing a variable type from short to unsigned short and checking if a length variable exceeds permitted limit. Fixed in ghostpdl-10.05.0...

Medium: python-pillow

Issue Overview: PIL/IcnsImagePlugin.py in Python Imaging Library PIL and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. CVE-2014-3589 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2...

Important: glib2

Issue Overview: GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading to denial of service. CVE-2023-29499 GLib's GVariant deserialization prior to GLib 2.74.4 is vulnerable to a slowdown issue where a crafted GVariant can cause...

Important: rust

Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...

Medium: libdwarf

Issue Overview: A flaw was found in libdwarf. A possible memory leak allows an attacker to input a specially crafted file, leading to a crash. The highest threat from this vulnerability is to system availability. CVE-2020-27545 Affected Packages: libdwarf Note: This advisory is applicable to Amaz...

Important: microcode_ctl

Issue Overview: Incorrect default permissions in some IntelR XeonR processor memory controller configurations when using IntelR SGX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21820 Improper conditions check in some IntelR XeonR processor...

Medium: kernel

Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier...

Medium: python-lxml

Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...

Medium: vte291

Issue Overview: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476. CVE-2024-37535 Affected Packages: vte291 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown CVE-2021-47110 In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well CVE-2021-47112 Affected...

Medium: edk2

Issue Overview: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. CVE-2024-1298 Affected Packages: edk2 Note: This adviso...

Low: bcc

Issue Overview: If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Important: tigervnc

Issue Overview: The ProcRenderAddGlyphs function calls the AllocateGlyph function to store new glyphs sent by the client to the X server. AllocateGlyph would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyphnew array would th...

Medium: pcs

Issue Overview: A Denial of Service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability. CVE-2024-25126 A Denia...

Important: sudo

Issue Overview: In sudo-1.8.23-10.amzn2.3.6 Amazon Linux 2 and sudo-1.8.23-10.58.amzn1 Amazon Linux 1, a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been...

Important: sudo

Issue Overview: In sudo-1.8.23-10.amzn2.3.6 Amazon Linux 2 and sudo-1.8.23-10.58.amzn1 Amazon Linux 1, a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been...

Low: shadow-utils

Issue Overview: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve t...

Medium: nautilus

Issue Overview: GNOME Nautilus 42.2 allows a NULL pointer dereference and getbasename application crash via a pasted ZIP archive. CVE-2022-37290 Affected Packages: nautilus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between A...

Medium: pki-core

Issue Overview: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but...

Important: dotnet6.0

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0...

Important: clamav

Issue Overview: A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a...

Medium: libgovirt

Issue Overview: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 Affected Packages: libgovirt Note: This advisory is...

Low: libvncserver

Issue Overview: libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup. CVE-2020-29260 Affected Packages: libvncserver Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL...

Important: gstreamer1-plugins-base

Issue Overview: Integer overflow leading to heap overwrite in FLAC image tag handling CVE-2023-37327 Affected Packages: gstreamer1-plugins-base Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

Important: perl-Pod-Perldoc

Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl-Pod-Perldoc Note: This advisory is applicable to Amazon Linux 2 AL2...

Important: libksba

Issue Overview: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. CVE-2022-47629 Affected Packages: libksba Issue Correction: Run yum update libksba or yum update --advisory ALAS-2023-1752 to update your system. New Packages: i686: ...

Important: kernel

Issue Overview: An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-2124 In the Linux...

Critical: php71-pecl-memcached

Issue Overview: PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. CVE-2022-26635 Affected Packages: php71-pecl-memcached Issue Correction: Run yum update php71-pecl-memcached or yum update --advisory ALAS-2023-1674 to update you...

Critical: php70-pecl-memcached

Issue Overview: PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. CVE-2022-26635 Affected Packages: php70-pecl-memcached Issue Correction: Run yum update php70-pecl-memcached or yum update --advisory ALAS-2023-1673 to update you...

Important: gupnp

Issue Overview: A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tempering, and other exploits. The highest threat from this vulnerability is to data...

Low: libsndfile

Issue Overview: An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alawarray in alaw.c that will lead to a denial of service. CVE-2018-19662 Affected Packages: libsndfile Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this F...

Low: policycoreutils

Issue Overview: Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when takin...

Medium: transmission

Issue Overview: Transmission relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a D...

Important: apache-commons-collections

Issue Overview: As reported upstream https://commons.apache.org/proper/commons-collections/security-reports.html, various classes in the functor collection are serialization and use reflection, which could result in arbitrary code execution if objects from untrusted sources are de-serialized...

Low: pigz

Issue Overview: Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a 1 full pathname or 2 .. dot dot in an archive. Affected Packages: pigz Issue Correction: Run yum update pigz or yum update --advisory ALAS-2015-499 to update your...

Important: glib2

Issue Overview: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel Traffic Control TC subsystem. Using a specific networking configuration redirecting egress packets to ingress using TC action "mirred" a local unprivileged user could trigger a CPU soft lockup ABBA deadlock when the transport protocol in use TC...

Medium: python

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Medium: gcc10-binutils

Issue Overview: A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack...

Medium: openssl11

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error CVE-2024-42284 In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs...

Important: emacs

Issue Overview: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs ...

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...