Important: python27

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store...

Low: mod_http2

Issue Overview: A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 Affected Packages...

Important: python

Issue Overview: A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network...

Medium: lighttpd

Issue Overview: An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific modalias configuration where the matched alias lacks a trailing '/' character, but the ali...

Medium: 389-ds-base

Issue Overview: 1693612: 389-ds-base: DoS via hanging secured connections It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to...

Important: qemu-kvm

Issue Overview: Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off...

Medium: 389-ds-base

Issue Overview: It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...

Important: vim

Issue Overview: It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 Affected Packages: vim Note: This advisory is applicable to...

Medium: kernel

Issue Overview: There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure. CVE-2019-1125 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2...

Medium: kernel

Issue Overview: There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure Affected Packages: kernel Issue Correction: Run yum update kernel or yum update --advisory...

Important: exim

Issue Overview: Exim allows remote code execution as root in some unusual configurations that use the $sort expansion for items that can be controlled by an attacker e.g., $localpart or $domain. CVE-2019-13917 Affected Packages: exim Issue Correction: Run yum update exim or yum update --advisory...

Important: ruby

Issue Overview: An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8322 An issue was discovered in RubyGems 2.6 and...

Critical: dnsmasq

Issue Overview: A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations...

Critical: thunderbird

Issue Overview: libical: Heap buffer over read in icalparser.c parsergetnextchar CVE-2019-11703 libical: Type confusion in icaltimezonegetvtimezoneproperties function in icalproperty.c CVE-2019-11706 Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 libical: Stack buffer overflow in...

Important: python3

Issue Overview: An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that lacks a ?...

Medium: java-11-amazon-corretto

Issue Overview: OpenJDK: Insufficient restriction of privileges in AccessController Security, 8216381 CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections Utilities, 8213432 CVE-2019-2769 libpng: pngimagefree in png.c in libpng has a use-after-free because...

Important: qemu

Issue Overview: A heap buffer overflow issue was found in the loaddevicetree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this...

Important: kernel

Issue Overview: An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostne...

Low: curl

Issue Overview: An integer overflow in curl's URL API results in a buffer overflow in libcurl. CVE-2019-5435 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. CVE-2019-5436 Affected Packages: curl Note: This advisory is applicable to Amazon...

Important: tomcat8

Issue Overview: The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O,...

Low: curl

Issue Overview: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl. CVE-2019-5436 An integer overflow in curl's URL API results in a buffer overflow in libcurl. CVE-2019-5435 Affected Packages: curl Issue Correction: Run yum update curl or yum...

Medium: python34

Issue Overview: An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed b...

Medium: libxslt

Issue Overview: libxslt allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVE-2019-11068 Affected...

Medium: python35

Issue Overview: An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed b...

Medium: docker

Issue Overview: A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause...

Medium: php54-pecl-imagick, php55-pecl-imagick, php56-pecl-imagick, php70-pecl-imagick, php71-pecl-imagick, php72-pecl-imagick

Issue Overview: In PHP imagick extension, writing to an array of values in ImagickKernel::fromMatrix function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party...

Important: bind

Issue Overview: A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as l...

Important: kernel

Issue Overview: An infinite loop issue was found in the vhostnet kernel module while handling incoming packets in handlerx. The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhostne...

Medium: dbus

Issue Overview: dbus as used in DBusServer, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUSCOOKIESHA1 in the libdbus library. This only affects the DBUSCOOKIESHA1 authentication mechanism. A malicious client with write access to its own home directory...

Medium: php71, php72, php73

Issue Overview: Function iconvmimedecodeheaders in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.CVE-2019-11039 When using gdImageCreateFromXbm function of PHP gd extension, it is possible to supply data that...

Low: tomcat7

Issue Overview: The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. CVE-2019-0221 Affected...

Medium: golang

Issue Overview: An issue was discovered in net/http in Go. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. CVE-2019-9741 Affected Packages: golang Issue...

Important: vim

Issue Overview: It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 Affected Packages: vim Issue Correction: Run yum update vim o...

Medium: python-urllib3

Issue Overview: In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Affected Packages: python-urllib3 Issue Correction: Run yum update python-urllib3 or yum update --advisory ALAS-2019-1236 to update your system. New Package...

Important: python

Issue Overview: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate...

Important: bind

Issue Overview: A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as l...

Medium: python27

Issue Overview: Python 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are: urllib.parse.urlspli...

Critical: kernel

Issue Overview: CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux AMIs as available in AWS EC2 already contain these kernels...

Critical: kernel

Issue Overview: CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernel...

Medium: libX11

Issue Overview: An off-by-one error has been discovered in libX11 in functions XGetFontPath, XListExtensions, and XListFonts. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effect...

Low: python-urllib3

Issue Overview: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in...

Important: wget

Issue Overview: Buffer overflow in GNU Wget allows remote attackers to cause a denial-of-service DoS or may execute an arbitrary code via unspecified vectors. CVE-2019-5953 Affected Packages: wget Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...

Low: php71, php72, php73

Issue Overview: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifiifaddvalue function. This may lead to information disclosure or crash. CVE-2019-11035 When processing...

Critical: thunderbird

Issue Overview: Mozilla: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11693 Mozilla: Use-after-free in XMLHttpRequest CVE-2019-11691 Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then...

Important: python-jinja2

Issue Overview: In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 Affected Packages: python-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Ru...

Important: python-jinja2

Issue Overview: In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 Affected Packages: python-jinja2 Issue Correction: Run yum update python-jinja2 or yum update --advisory ALAS-2019-1223 to update your system. New Packages: noarch: python26-jinja2-2.7.2-3.16.amzn1.noarch ...

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

Critical: exim

Issue Overview: A flaw was found in Exim versions 4.87 to 4.91 before release 1.20 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution. CVE-2019-10149 Affected Packages: exim Issue Correction: Run yum update exim or...

Important: flatpak

Issue Overview: Flatpak allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outsi...