Medium: ruby22, ruby23
Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP: An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...
Medium: poppler
Issue Overview: Stack-buffer overflow in GfxState.cc: A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler such as Evince to crash, or potentially execute arbitrary code when opened...
Important: httpd24, httpd
Issue Overview: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting t...
Medium: kernel
Issue Overview: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO...
Important: aws-cfn-bootstrap
Issue Overview: The default umask value is set to 022 to address a privilege escalation security vulnerability. Affected Packages: aws-cfn-bootstrap Issue Correction: Run yum update aws-cfn-bootstrap or yum update --advisory ALAS-2017-895 to update your system. 1. Run yum update aws-cfn-bootstrap...
Low: nginx
Issue Overview: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially...
Medium: GraphicsMagick
Issue Overview: The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. CVE-2017-1000061 Affected Packages: GraphicsMagick Issue Correction: Run yum update GraphicsMagick or yum update --advisory...
Important: mercurial
Issue Overview: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a...
Important: httpd
Issue Overview: A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. CVE-2017-3169 It was...
Medium: xmlsec1
Issue Overview: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service...
Medium: bash
Issue Overview: popd controlled free: A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. CVE-2016-9401 Arbitrary code execution via malicious...
Medium: postgresql94, postgresql95
Issue Overview: pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords fro...
Medium: postgresql93, postgresql92
Issue Overview: pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords fro...
Medium: tigervnc
Issue Overview: Buffer overflow in ModifiablePixelBuffer::fillRect: A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. CVE-2017-5581 VNC server c...
Important: aws-cfn-bootstrap
Issue Overview: New optional parameter "umask" introduced into cfn-hup.conf file in order to configure the cfn-hup daemon's umask. The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root...
Medium: mysql56
Issue Overview: Server: Charsets unspecified vulnerability (CPU Jul 2017): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit...
Medium: mysql55
Issue Overview: Server: Charsets unspecified vulnerability (CPU Jul 2017): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit...
Low: wget
Issue Overview: CRLF injection in the url_parse function in url.c: A CRLF injection flaw was found in the way wget handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests, via CRLF sequences in the host sub-component of a URL, by tricking a user running wget...
Medium: curl
Issue Overview: FILE buffer read out of bounds CVE-2017-1000099 TFTP sends more than buffer size CVE-2017-1000100 URL globbing out of bounds read CVE-2017-1000101 Affected Packages: curl Issue Correction: Run yum update curl or yum update --advisory ALAS-2017-889 to update your system. New...
Medium: glibc
Issue Overview: Unbounded stack allocation in catopen function: A stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. CVE-2015-8779 Integer overflow in hcreate...
Important: git
Issue Overview: Command injection via malicious ssh URLs: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing...
Medium: ruby23
Issue Overview: IV Reuse in GCM Mode: The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. CVE-2016-7798 Affected Packages: ruby2...
Important: subversion, mod_dav_svn
Issue Overview: Command injection through clients via malicious svn+ssh URLs: A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion...
Medium: libnl3
Issue Overview: Integer overflow in nlmsg_reserve: An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such a...
Medium: authconfig
Issue Overview: Information leak when SSSD is used for authentication against remote server: A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network...
Medium: php56
Issue Overview: Out-of-bounds heap write in bitset_set_range: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialize...
Important: kernel
Issue Overview: Buffer overflow in mp_override_legacy_irq: Buffer overflow in the mp_override_legacy_irq function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. CVE-2017-11473 A race between inotify_handle_event and...
Important: graphite2
Issue Overview: Vulnerabilities in the Graphite 2 library (MFSA 2017-16): A heap-based buffer overflow flaw related to "lz4::decompress" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. CVE-2017-7778 Heap-buffer-overflow writ...
Important: cacti
Issue Overview: spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. CVE-2017-12065 Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated user...
Important: tomcat7
Issue Overview: Security constrained bypass in error page mechanism: While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. CVE-2017-10102 Multiple flaw...
Critical: kernel
Issue Overview: Exploitable memory corruption due to UFO to non-UFO path switch CVE-2017-1000112 heap out-of-bounds in AF_PACKET sockets CVE-2017-1000111 The mq_notify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a...
Important: freeradius
Issue Overview: Out-of-bounds read in fr_dhcp_decode_options: An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. CVE-2017-10982...
Medium: php70
Issue Overview: Out-of-bounds heap write in bitset_set_range: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitializ...
Medium: httpd24
Issue Overview: ap_find_token buffer overread: A buffer over-read flaw was found in the httpd's ap_find_token function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. CVE-2017-7668 Apache HTTP Request Parsing Whitespace Defects: It wa...
Important: aws-cfn-bootstrap
Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system Affected Packages:...
Important: tomcat8
Issue Overview: Security constrained bypass in error page mechanism: A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error...
Medium: libtommath, libtomcrypt
Issue Overview: possible OP-TEE Bleichenbacher attack: The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA...
Important: aws-cfn-bootstrap
Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory CVE-2017-9450 Affected Packages: aws-cfn-bootstrap Issue...
Critical: java-1.8.0-openjdk
Issue Overview: No CVE associated with this advisory Affected Packages: java-1.8.0-openjdk Issue Correction: Run yum update java-1.8.0-openjdk or yum update --advisory ALAS-2017-860 to update your system. New Packages: i686: java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.32.amzn1.i686 ...
Medium: c-ares
Issue Overview: The c-ares function ares_parse_naptr_reply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. CVE-2017-1000381 Affected Packages: c-ares Issue Correction...
Important: bind
Issue Overview: Security Fixes: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG0 signature for a dynam...
Medium: golang
Issue Overview: Golang: Elliptic curves carry propagation issue in x86-64 P-256. A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could use this flaw to extract private keys when static ECDH is used. CVE-2017-8932 Affected Packages: golan...
Important: tomcat8
Issue Overview: Security constrained bypass in error page mechanism: A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error...
Important: mercurial
Issue Overview: Python debugger accessible to authorized users: A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted...
Important: tomcat7
Issue Overview: Security constrained bypass in error page mechanism: A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error...
Medium: sudo
Issue Overview: It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their...
Important: openvpn
Issue Overview: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a...
Medium: httpd
Issue Overview: Apache HTTP Request Parsing Whitespace Defects: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or...
Medium: lynis
Issue Overview: Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. CVE-2017-8108 Affected Packages: lynis Issue Correction: Run yum update lynis or yum update --advisory ALAS-2017-847 to updat...