Important: qemu-kvm

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

Low: tomcat7

Issue Overview: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The upda...

Important: curl

Issue Overview: HTTP authentication leak in redirects libcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and...

Important: microcode_ctl

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

Important: kernel

Issue Overview: Race condition in rawsendmsg function allows denial-of-service or kernel addresses leak A flaw was found in the Linux kernel's implementation of rawsendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of...

Medium: python35, python34

Issue Overview: CPython aka Python is vulnerable to an integer overflow in the PyStringDecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution CVE-2017-1000158 Affected Packages: python35, python34 Issue Correction: Run yum update...

Important: qemu-kvm

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be...

Medium: docker

Issue Overview: Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

Critical: kernel

Issue Overview: An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upo...

Medium: collectd

Issue Overview: Double free in csnmpreadtable function in snmp.c: The csnmpreadtable function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash or potentially have other impact. CVE-2017-16820 Affected...

Critical: kernel

Issue Overview: An updated kernel release for Amazon Linux has been made available which prevents speculative execution of indirect branches within the kernel. This release incorporates latest stable open source Linux security improvements to address CVE-2017-5715 within the kernel and builds upo...

Medium: curl

Issue Overview: The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service integer overflow and resultant buffer overflow, and application crash or possibly have unspecified other impact via vectors involving long user and...

Important: kernel

Issue Overview: A flaw was found in the patches used to fix the 'dirtycow' vulnerability CVE-2016-5195. An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. CVE-2017-1000405 Linux kernel Virtualization Module CONFIGKVM...

Medium: sssd

Issue Overview: Unsanitized input when searching in local cache database It was found that sssd's sysdbsearchuserbyupnres function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for...

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms...

Important: samba

Issue Overview: Use-after-free in processing SMB1 requests A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. CVE-2017-14746 Server...

Medium: qemu-kvm

Issue Overview: Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to...

Critical: exim

Issue Overview: Use-after-free in receivemsg function via vectors involving BDAT commands The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...

Medium: postgresql92, postgresql93, postgresql94

Issue Overview: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. CVE-2017-12172 Invalid jsonpopulaterecordset or jsonbpopulaterecordset...

Medium: apr-util

Issue Overview: Apache Portable Runtime Utility APR-util fails to validate the integrity of SDBM database files used by aprsdbm functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, an...

Medium: postgresql95, postgresql96

Issue Overview: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.CVE-2017-12172 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL...

Important: apr

Issue Overview: An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.CVE-2017-12613 Affected Packages: apr Issue Correction: Run yum update apr or yum update...

Medium: mysql55

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in...

Important: mysql56, mysql57

Issue Overview: Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in...

Medium: kernel

Issue Overview: Incorrect updates of uninstantiated keys crash the kernel A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service DoS. CVE-2017-15299 Memory leak when merging buffers...

Medium: cacti

Issue Overview: include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page. CVE-2017-15194 Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2017-923 to update your system. New Packages: noarch: ...

Medium: curl

Issue Overview: IMAP FETCH response out of bounds read: A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the...

Important: php56, php70, php71

Issue Overview: pcre: heap buffer overflow in handling of duplicate named groups 8.39/14 The pcrecompile2 function in pcrecompile.c mishandles the /?:F?+?:^?Ra+\"99-?J?'R'?'R'?'RR'?'R'\\97?J?J?'R'?'R'\\99|:?|?'R'\\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which...

Medium: httpd

Issue Overview: Hash character matches all IPs: A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. CVE-2017-12171 Affected...

Medium: golang

Issue Overview: Arbitrary code execution during go get or go get -d: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points ...

Medium: curl

Issue Overview: FTP PWD response parser out of bounds read libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then...

Medium: openvpn

Issue Overview: OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. CVE-2017-12166 Affected Packages: openvpn Issue Correction: Run yum update openvpn or yum update --advisory...

Important: kernel

Issue Overview: stack buffer overflow in the native Bluetooth stack A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel...

Important: tomcat8, tomcat80, tomcat7

Issue Overview: A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. CVE-2017-12617 Affected Packages: tomcat8, tomcat80, tomcat7...

Important: wget

Issue Overview: Heap-based buffer overflow in HTTP protocol handling A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially...

Medium: ruby24

Issue Overview: Arbitrary heap exposure during a JSON.generate call Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

Critical: java-1.8.0-openjdk

Issue Overview: Multiple unbounded memory allocations in deserialization Serialization, 8174109 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE...

Medium: samba

Issue Overview: Server memory information leak over SMB1: An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serve...

Important: nss

Issue Overview: Potential use-after-free in TLS 1.2 server when verifying client authentication: A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NS...

Important: emacs

Issue Overview: Command injection flaw within "enriched mode" handling: A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute...

Medium: git

Issue Overview: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The...

Medium: postgresql96

Issue Overview: The pgusermappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pgusermappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords...

Medium: kernel

Issue Overview: A buffer overflow was discovered in tpacketrcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory...

Important: file

Issue Overview: An issue in file allowed an attacker to overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. Affected Packages: file Issue Correction: Run yum update file or yum update --advisory ALAS-2017-900 to update your system. New Packages: i686:...

Important: nagios

Issue Overview: Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service crash via a long string in the...

Medium: openssh

Issue Overview: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. CVE-2016-6210 It was found that OpenSSH...

Medium: 389-ds-base

Issue Overview: Password brute-force possible for locked account due to different return codes: A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDA...

Medium: tomcat7, tomcat8

Issue Overview: 1480618: Vary header not added by CORS filter leading to cache poisoning The CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...

Medium: cacti

Issue Overview: A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. CVE-2017-12927 The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user. CVE-2017-12978 Affected Packages: cacti...

Critical: dnsmasq

Issue Overview: Information leak in the DHCPv6 relay code An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data...