Medium: openldap

Issue Overview: A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. Affected Packages: openldap Issue Correction: Run yum update openldap or yum update --advisory ALAS-2017-799 to updat...

Medium: tomcat7, tomcat8

Issue Overview: A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result...

Important: bind

Issue Overview: A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. Affected Packages: bind Iss...

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Th...

Medium: subversion, mod_dav_svn

Issue Overview: It was discovered that Subversion's moddontdothat module and Subversion clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. An authenticated remote attacker can cause denial-of-service conditions on the server using...

Low: glibc

Issue Overview: A stack overflow vulnerability was found in nssdnsgetnetbynamer. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long...

Low: krb5

Issue Overview: A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modifyprincipal...

Important: java-1.6.0-openjdk

Issue Overview: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox...

Critical: java-1.8.0-openjdk

Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

Medium: mysql56

Issue Overview: The following security-related issues were fixed: CVE-2016-8318 Server: Security: Encryption unspecified vulnerability CVE-2016-8327 Server: Replication unspecified vulnerability CVE-2017-3238 Server: Optimizer unspecified vulnerability CVE-2017-3244 Server: DML unspecified...

Medium: mysql55

Issue Overview: The following security-related issues were fixed: CVE-2017-3238 Server: Optimizer unspecified vulnerability CVE-2017-3243 Server: Charsets unspecified vulnerability CVE-2017-3244 Server: DML unspecified vulnerability CVE-2017-3258 Server: DDL unspecified vulnerability CVE-2017-331...

Medium: php70

Issue Overview: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access via crafted serialized data...

Medium: php56

Issue Overview: A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy. An attacker could create a crafted image that would lead to a crash or,...

Medium: httpd24

Issue Overview: The following security-related issues were fixed: Padding oracle vulnerability in Apache modsessioncrypto CVE-2016-0736 DoS vulnerability in modauthdigest CVE-2016-2161 Apache HTTP request parsing whitespace defects CVE-2016-8743 Affected Packages: httpd24 Issue Correction: Run yu...

Medium: kernel

Issue Overview: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a...

Medium: ghostscript

Issue Overview: It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list...

Important: docker

Issue Overview: It was discovered that runC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file descriptors of these new processes during the initialization,...

Medium: kernel

Issue Overview: A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory denial of service by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key...

Medium: ntp

Issue Overview: The following security-related issues were resolved: CVE-2016-7426: Client rate limiting and server responses CVE-2016-7429: Attack on interface selection CVE-2016-7433: Broken initial sync calculations regression CVE-2016-9310: Mode 6 unauthenticated trap information disclosure a...

Medium: sudo

Issue Overview: It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system or popen C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw t...

Important: vim

Issue Overview: A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. modelines are disabled by default for root, and...

Medium: nss-util, nss, nss-softokn

Issue Overview: CVE-2016-2834 nss: Multiple security flaws MFSA 2016-61 Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the...

Important: tomcat6

Issue Overview: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener Affected Packages: tomcat6 Issue Correction: Run yum update tomcat6 or yum update...

Medium: expat

Issue Overview: CVE-2016-0718: Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly,...

Medium: 389-ds-base

Issue Overview: CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many...

Important: tomcat7

Issue Overview: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener Affected Packages: tomcat7 Issue Correction: Run yum update tomcat7 or yum update...

Important: tomcat8

Issue Overview: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener Affected Packages: tomcat8 Issue Correction: Run yum update tomcat8 or yum update...

Important: kernel

Issue Overview: CVE-2016-8645 kernel: a BUG statement can be hit in net/ipv4/tcpinput.c It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcpfastopen; set to 1 can hit BUG statement in tcpcollapse function after making a number of certain syscalls leading to a possible system...

Medium: poppler

Issue Overview: A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when opened. Affected Packages: poppler Issue Correction: Run yum update poppler o...

Important: java-1.7.0-openjdk

Issue Overview: It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. CVE-2016-5542 A flaw was found in...

Important: bind

Issue Overview: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. Affected Packages: bind Issue Correction: Run yum...

Medium: openssh

Issue Overview: It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pamenv PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code ...

Medium: php-ZendFramework

Issue Overview: The implementation of ORDER BY and GROUP BY in ZendDbSelect was discovered to be vulnerable to SQL injection. Affected Packages: php-ZendFramework Issue Correction: Run yum update php-ZendFramework or yum update --advisory ALAS-2016-767 to update your system. New Packages: noarch:...

Important: cloud-init

Issue Overview: It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AM...

Important: memcached

Issue Overview: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. CVE-2016-8704, CVE-2016-8705 ...

Important: kernel

Issue Overview: The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers an...

Medium: curl

Issue Overview: This build resolves the following issues: CVE-2016-8615: Cookie injection for other servers CVE-2016-8616: Case insensitive password comparison CVE-2016-8617: Out-of-bounds write via unchecked multiplication CVE-2016-8618: Double-free in curlmaprintf CVE-2016-8619: Double-free in...

Important: policycoreutils

Issue Overview: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox. Affected...

Important: tomcat6, tomcat7, tomcat8

Issue Overview: It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

Important: python-twisted-web

Issue Overview: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP...

Critical: java-1.8.0-openjdk

Issue Overview: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox...

Important: bind

Issue Overview: CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a...

Critical: kernel

Issue Overview: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their...

Medium: php56

Issue Overview: ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via an unserialize call that references a partially constructed...

Important: mysql55, mysql56

Issue Overview: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the...

Medium: php70

Issue Overview: ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted...

Medium: openssl

Issue Overview: It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...

Medium: GraphicsMagick

Issue Overview: A possible heap overflow was discovered in the EscapeParenthesis function CVE-2016-7447. Various issues were found in the processing of SVG files in GraphicsMagick CVE-2016-7446. The TIFF reader had a bug pertaining to use of TIFFGetField when a 'count' value is returned. The bug...

Important: bind

Issue Overview: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. Affected Packages: bind Issue...

Important: libarchive

Issue Overview: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...