Critical: kernel
Issue Overview: An issue was discovered in the size of the stack guard page on Linux: a 4k stack guard page is not sufficiently large and can be jumped over. This affects Linux kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). CVE-2017-1000364 The...
Important: rpcbind
Issue Overview: It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by...
Medium: java-1.7.0-openjdk
Issue Overview: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP...
Important: libtirpc
Issue Overview: Memory leak when failing to parse XDR strings or bytearrays: It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to...
Important: sudo
Issue Overview: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367 Affected Packages: sudo Issue Correctio...
Important: ghostscript
Issue Overview: It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection...
Medium: postgresql92
Issue Overview: Selectivity estimators bypass SELECT privilege checks: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some...
Medium: postgresql93, postgresql94, postgresql95
Issue Overview: Selectivity estimators bypass SELECT privilege checks: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some...
Medium: git
Issue Overview: Escape out of git-shell: A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of t...
Important: jasper
Issue Overview: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577,...
Important: samba
Issue Overview: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. CVE-2017-7494 It was found that Samba always requested forwardable tickets when using Kerberos...
Important: bind
Issue Overview: A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. CVE-2017-3139 Affected Packages: bind Issue Correction: Run yum updat...
Important: kernel
Issue Overview: Unsafe second checksum calculation in udp.c: The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. This may create a kernel panic or memor...
Medium: mysql55
Issue Overview: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easi...
Important: mysql56
Issue Overview: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easi...
Medium: collectd
Issue Overview: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions: Collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty...
Important: kernel
Issue Overview: Infinite recursion in ahash.c by triggering EBUSY on a full queue: A vulnerability was found in crypto/ahash.c in the Linux kernel which allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full...
Medium: java-1.8.0-openjdk
Issue Overview: Improper re-use of NTLM authenticated connections (Networking, 8163520): It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could...
Important: 389-ds-base
Issue Overview: Remote crash via crafted LDAP messages: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of...
Critical: nss, nss-util
Issue Overview: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the...
Important: bind
Issue Overview: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...
Medium: util-linux
Issue Overview: Sending SIGKILL to other processes with root privileges via su: A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. CVE-2017-26...
Important: tomcat6
Issue Overview: Incorrect handling of pipelined requests when send file was used: A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined...
Medium: munin
Issue Overview: Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. CVE-2017-6188 Affected Packages: munin Issue Correction: Run yum update munin or yum updat...
Medium: ntp
Issue Overview: Denial of Service via Malformed Config: A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. CVE-2017-6464 Potential Overflows in ctl_put() functions: A...
Important: tomcat7, tomcat8
Issue Overview: Incorrect handling of pipelined requests when send file was used: A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined...
Medium: R
Issue Overview: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this...
Medium: GraphicsMagick
Issue Overview: The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. CVE-2017-6335 The WPG format reader in...
Medium: cacti
Issue Overview: PHP Object Injection Vulnerabilities CVE-2014-4000 Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2017-817 to update your system. New Packages: noarch: cacti-1.0.4-1.14.amzn1.noarch src: cacti-1.0.4-1.14.amzn1.src Additional...
Medium: gnutls
Issue Overview: A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients...
Medium: kernel
Issue Overview: Possible double free in sctp_sendmsg() (incorrect fix for CVE-2017-5986): It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial...
Medium: wireshark
Issue Overview: Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. Affected Packages: wireshark Issue Correction: Run yum update wireshark or yum update --advisory...
Medium: tomcat6
Issue Overview: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulati...
Low: vim
Issue Overview: An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. CVE-2017-6350 An integer overflow flaw was found in the way vim handled undo files. This bug...
Important: kernel
Issue Overview: The skbs processed by ip_cmsg_recv() are not guaranteed to be linear (e.g. when sending UDP packets over loopback with MSG_MORE). Using csum_partial() on potentially the whole skb len is dangerous; instead be on the safe side and use skb_checksum(). This may lead to an infoleak as the kernel...
Medium: php70
Issue Overview: Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 In all versions of PHP 7, during the unserialization...
Medium: php56
Issue Overview: Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 The object_common1 function in ext/standard/var_unserializer....
Medium: openjpeg
Issue Overview: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-716...
Low: curl
Issue Overview: libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. If there is any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. This flaw does not exi...
Important: python-crypto
Issue Overview: A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell. Affected Packages: python-crypto Issue Correction: Run yum update python-crypto or yum update --advisory ALAS-2017-801 to update your system. Run yum...
Medium: openssl
Issue Overview: An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. CVE-2017-3731 A denial of service flaw was found in the way...
Medium: libtiff, compat-libtiff3
Issue Overview: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. CVE-2016-9533,...
Medium: exim
Issue Overview: It was found that Exim leaked DKIM signing private keys to the "mainlog" log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys. Affected Packages: exim Issue Correction: Run yum update exim or yum update --adviso...
Important: kernel
Issue Overview: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw...
Important: mysql51
Issue Overview: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the...
Medium: openldap
Issue Overview: A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. Affected Packages: openldap Issue Correction: Run yum update openldap or yum update --advisory ALAS-2017-799 to updat...
Medium: tomcat7, tomcat8
Issue Overview: A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Th...
Important: bind
Issue Overview: A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. Affected Packages: bind Iss...
Medium: subversion, mod_dav_svn
Issue Overview: It was discovered that Subversion's mod_dontdothat module and Subversion clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. An authenticated remote attacker can cause denial-of-service conditions on the server using...