Important: spice
Issue Overview: Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 Affected Packages: spice Note: This...
Medium: binutils
Issue Overview: The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue...
Medium: mysql56
Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
Medium: mysql57
Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
Important: kernel
Issue Overview: A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service (DoS). CVE-2019-8980 A flaw was found in mmap in the Linux kernel allowing the process to map ...
Important: perl
Issue Overview: Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18311 Affected Packages: perl Issue Correction: Run yum update perl or yum update --advisory ALAS-2019-1180 to update your system. New Packages: i686: ...
Medium: squid
Issue Overview: A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine. CVE-2018-19132 Affected Packages: squid Issue Correction: Run yum update squid or yum update --advisory ALAS-2019-1176 to...
Medium: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other...
Important: filesystem
Issue Overview: Images built for the Amazon Linux 2.0.20190218 release included system files with incorrect permissions applied. Incorrect permissions were applied to files including: /etc/fstab /etc/localtime /etc/image-id /etc/sysconfig/i18n /etc/sysconfig/clock /etc/sysconfig/keyboard...
Important: kernel
Issue Overview: In the Linux kernel, af_alg_release in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system. CVE-2019-8912 Affected...
Critical: thunderbird
Issue Overview: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4,...
Medium: python3
Issue Overview: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if the application enables SSL/TLS certificate...
Important: kernel
Issue Overview: In the Linux kernel, af_alg_release in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system. CVE-2019-8912 Affected...
Medium: golang
Issue Overview: Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. CVE-2019-6486 Affected Packages: golang Issue Correction: Run yum update golang or yum update --advisory...
Medium: bind
Issue Overview: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikel...
Medium: golang
Issue Overview: Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. CVE-2019-6486 Note: This CVE is also fixed in golang-1.11.3-2.amzn2.0.2 in the golang1.11 extras repository...
Low: libwmf
Issue Overview: The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. CVE-2019-6978 Affected Packages: libwmf Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ...
Important: kernel
Issue Overview: A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device, the device holds a reference to a VM object, later this reference is transferred to the caller's file descript...
Important: polkit
Issue Overview: A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated...
Important: perl
Issue Overview: Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18311 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Low: libXcursor
Issue Overview: XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. CVE-2015-9262 Affected Packages: libXcursor Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...
Important: httpd24
Issue Overview: In Apache HTTP server, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. CVE-2018-17189 A bug exists in the way modss...
Important: kernel
Issue Overview: A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer (hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12 timer object is...
Important: systemd
Issue Overview: It was found that bus_process_object in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user can send a message which results in the stack pointer moving outside of the...
Medium: curl
Issue Overview: libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or...
Important: libvncserver
Issue Overview: LibVNC contains a heap out-of-bound write vulnerability in server code of file transfer extension that can result in remote code execution. CVE-2018-15127 Affected Packages: libvncserver Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for...
Low: setup
Issue Overview: Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell...
Critical: thunderbird
Issue Overview: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 Crash with nested event loops CVE-2018-12392 Memory safety bugs fixed in Firefox ESR 60.3 CVE-2018-12389 Integer overflow during Unicode conversion while loading JavaScript CVE-2018-12393 Affected Packages:...
Important: systemd
Issue Overview: It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim'...
Medium: php-pear
Issue Overview: PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with $v_header['filename'] as parameter (such as file_exists, is_file, is_dir, etc.). When extract is called without a specific prefix path, we can...
Important: docker
Issue Overview: A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalatio...
Medium: curl
Issue Overview: set_file_metadata in xattr.c in GNU Wget stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this...
Low: libXcursor
Issue Overview: XcursorThemeInherits in library.c in libXcursor allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. CVE-2015-9262 Affected Packages: libXcursor Issue Correction: Run yum update libXcursor or yum update --advisory...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory...
Low: libmspack
Issue Overview: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression. CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. CVE-2018-1468...
Low: jasper
Issue Overview: The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. CVE-2016-9396 JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory...
Important: keepalived
Issue Overview: Heap-based buffer overflow vulnerability in extract_status_code function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially...
Medium: httpd
Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...
Low: openssl
Issue Overview: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. CVE-2018-0734 Affected Packages: openssl Note: This advisory is applicable to Amazon Linux 2 A...
Low: libcdio
Issue Overview: A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS. CVE-2017-18198 A double-free flaw was...
Low: krb5
Issue Overview: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a...
Low: sssd
Issue Overview: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. CVE-2018-10852...
Medium: samba
Issue Overview: A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. CVE-2018-1050 A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory...
Low: curl
Issue Overview: A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently erroneously write to a struct fiel...
Medium: php56, php70, php71, php72
Issue Overview: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. CVE-2018-19935 University of Washington IMAP Toolkit 2007f on...
Low: clamav
Issue Overview: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. CVE-2018-14681 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in...
Medium: kernel
Issue Overview: The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usb_get_extra_descriptor in drivers/usb/core/usb.c. CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race...
Important: ruby
Issue Overview: An issue was discovered in the OpenSSL library in Ruby. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a...
Medium: nss-pem
Issue Overview: The nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module. This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate. Affected Packages: nss-pem Note: This...