
8694 matches found

Amazon
added 2016/09/15 12:0 a.m. | 40 views

Medium: postgresql92, postgresql93, postgresql94

Issue Overview: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute...

CVSS 8.3 | AI score 8.6 | EPSS 0.034 | Exploits 0

Amazon
added 2016/09/15 12:0 a.m. | 40 views

Medium: libgcrypt, gnupg

Issue Overview: A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes. Affected Packages: libgcrypt, gnupg Issue Correction: Run yum update libgcrypt or yum updat...

CVSS 5.3 | AI score 6 | EPSS 0.02688 | Exploits 0

Amazon
added 2016/09/15 12:0 a.m. | 60 views

Important: java-1.6.0-openjdk

Issue Overview: An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. CVE-2016-3606 Multiple denial of service flaws were found in the JAXP componen...

CVSS 9.6 | AI score 7.7 | EPSS 0.07521 | Exploits 0

Amazon
added 2016/09/01 12:0 a.m. | 52 views

Medium: python34, python27, python26

Issue Overview: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a...

CVSS 6.1 | AI score 7.8 | EPSS 0.09899 | Exploits 0

Amazon
added 2016/09/01 12:0 a.m. | 83 views

Medium: kernel

Issue Overview: A use after free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. Affected Packages: kernel Issue Correction: Run yum update kernel or yum update --advisory ALAS-2016-740 to update your system. New Packages: i686: kernel-devel-4.4.19-29.55.amzn1.i686...

CVSS 5.5 | AI score 7 | EPSS 0.00096 | Exploits 5

Amazon
added 2016/09/01 12:0 a.m. | 37 views

Medium: collectd

Issue Overview: A heap-based buffer overflow in the parse_packet function in network.c in collectd allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. Affected Packages: collectd Issue Correction: Run yum update collect...

CVSS 9.1 | AI score 9.6 | EPSS 0.10839 | Exploits 0

Amazon
added 2016/08/17 12:0 a.m. | 48 views

Important: mysql56

Issue Overview: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. CVE-2016-5440 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via...

CVSS 8.1 | AI score 6.2 | EPSS 0.02375 | Exploits 0

Amazon
added 2016/08/17 12:0 a.m. | 60 views

Important: compat-libtiff3

Issue Overview: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. CVE-2014-9655,...

CVSS 7.8 | AI score 8.5 | EPSS 0.0445 | Exploits 1

Amazon
added 2016/08/17 12:0 a.m. | 58 views

Medium: tomcat7, tomcat8

Issue Overview: A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. Affected Packages:...

CVSS 7.8 | AI score 8.1 | EPSS 0.40246 | Exploits 0

Amazon
added 2016/08/17 12:0 a.m. | 57 views

Important: mysql55

Issue Overview: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a clien...

CVSS 8.1 | AI score 6.3 | EPSS 0.06492 | Exploits 0

Amazon
added 2016/08/17 12:0 a.m. | 51 views

Medium: squid

Issue Overview: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 It was found that the fix for...

CVSS 9.8 | AI score 9.1 | EPSS 0.05912 | Exploits 0

Amazon
added 2016/08/17 12:0 a.m. | 49 views

Medium: golang

Issue Overview: An input-validation flaw was discovered in the Go programming language built-in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's...

CVSS 8.1 | AI score 7.5 | EPSS 0.45904 | Exploits 0

Amazon
added 2016/08/17 12:0 a.m. | 35 views

Medium: samba

Issue Overview: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. Affected Packages: samba Issue Correction: Run yum update samba or yum upda...

CVSS 7.5 | AI score 7.7 | EPSS 0.01142 | Exploits 0

Amazon
added 2016/08/17 12:0 a.m. | 57 views

Important: libtiff

Issue Overview: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. CVE-2014-9655,...

CVSS 9.8 | AI score 8.6 | EPSS 0.0671 | Exploits 5

Amazon
added 2016/08/17 12:0 a.m. | 48 views

Medium: curl

Issue Overview: curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. CVE-2016-5419 curl and libcurl before 7.50.1 do not check the client certificate when...

CVSS 8.1 | AI score 7.7 | EPSS 0.01912 | Exploits 0

Amazon
added 2016/08/01 12:0 a.m. | 50 views

Important: java-1.7.0-openjdk

Issue Overview: Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-3606, CVE-2016-3598, CVE-2016-3610 Multiple denial of service flaws were found ...

CVSS 9.6 | AI score 7.8 | EPSS 0.07521 | Exploits 0

Amazon
added 2016/08/01 12:0 a.m. | 73 views

Medium: kernel

Issue Overview: It was found that nfsd is missing a permissions check when setting an ACL on files; this may allow a local user to gain access to any file by setting a crafted ACL. CVE-2016-1237 A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link an uninitialised...

CVSS 7.5 | AI score 7 | EPSS 0.51991 | Exploits 3

Amazon
added 2016/08/01 12:0 a.m. | 55 views

Medium: ntp

Issue Overview: It was discovered that ntpq and ntpdc disclosed the origin timestamp to unauthenticated clients, which could permit such clients to forge the server's replies. CVE-2015-8139 The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause...

CVSS 7.5 | AI score 7 | EPSS 0.30064 | Exploits 3

Amazon
added 2016/08/01 12:0 a.m. | 72 views

Medium: php55, php56

Issue Overview: A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. ...

CVSS 9.8 | AI score 9.2 | EPSS 0.80902 | Exploits 11

Amazon
added 2016/07/20 12:0 a.m. | 60 views

Medium: python26, python27, python34

Issue Overview: It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader. An attacker could use this flaw to inject additional headers in a Python application that allows user-provided header names or values...

CVSS 10 | AI score 8.8 | EPSS 0.45123 | Exploits 7

Amazon
added 2016/07/20 12:0 a.m. | 58 views

Critical: java-1.8.0-openjdk

Issue Overview: Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610 Multiple denial of service...

CVSS 9.6 | AI score 7.8 | EPSS 0.07521 | Exploits 0

Amazon
added 2016/07/20 12:0 a.m. | 61 views

Medium: tomcat6, tomcat7, tomcat8

Issue Overview: Tomcat's CGI support used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attack...

CVSS 8.1 | AI score 8.4 | EPSS 0.40671 | Exploits 0

Amazon
added 2016/07/20 12:0 a.m. | 57 views

Important: httpd24, httpd

Issue Overview: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remot...

CVSS 8.1 | AI score 7.3 | EPSS 0.43937 | Exploits 0

Amazon
added 2016/07/14 12:0 a.m. | 277 views

Important: libxml2

Issue Overview: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code...

CVSS 10 | AI score 8.4 | EPSS 0.04546 | Exploits 11

Amazon
added 2016/07/14 12:0 a.m. | 51 views

Medium: wget

Issue Overview: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. CVE-2016-4971 Affected Packages: wget Issue Correction: Run yum update wget or yum update --advisory ALAS-2016-720 to update your system. New...

CVSS 8.8 | AI score 7.4 | EPSS 0.73791 | Exploits 8

Amazon
added 2016/07/14 12:0 a.m. | 42 views

Important: varnish

Issue Overview: Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r carriage return character in conjunction with multiple Content-Length...

CVSS 7.5 | AI score 7.9 | EPSS 0.0109 | Exploits 0

Amazon
added 2016/06/24 12:0 a.m. | 65 views

Medium: kernel

Issue Overview: A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel...

CVSS 7.8 | AI score 6.8 | EPSS 0.05493 | Exploits 10

Amazon
added 2016/06/22 12:0 a.m. | 50 views

Important: GraphicsMagick

Issue Overview: It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick...

CVSS 10 | AI score 8.6 | EPSS 0.37736 | Exploits 1

Amazon
added 2016/06/22 12:0 a.m. | 47 views

Important: ImageMagick

Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities...

CVSS 10 | AI score 8.6 | EPSS 0.37736 | Exploits 1

Amazon
added 2016/06/15 12:0 a.m. | 32 views

Low: mod24_nss

Issue Overview: It was reported that +CIPHER operator in OpenSSL changes the order of a cipher. Instead of returning an error as NSS does not support cipher ordering, it returned the result of processing up to that point, which could result in requested ciphers not being enabled. Affected Package...

CVSS 7.5 | AI score 7.8 | EPSS 0.00366 | Exploits 0

Amazon
added 2016/06/15 12:0 a.m. | 40 views

Medium: squid

Issue Overview: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 Buffer overflow and input validation...

CVSS 8.8 | AI score 8.6 | EPSS 0.79915 | Exploits 0 | References 1

Amazon
added 2016/06/15 12:0 a.m. | 39 views

Medium: nginx

Issue Overview: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. Affected Packages: nginx...

CVSS 7.5 | AI score 8 | EPSS 0.03589 | Exploits 0

Amazon
added 2016/06/02 12:0 a.m. | 38 views

Medium: mod_dav_svn

Issue Overview: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an...

CVSS 6.8 | AI score 7 | EPSS 0.07364 | Exploits 0

Amazon
added 2016/06/02 12:0 a.m. | 43 views

Medium: cacti

Issue Overview: SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. CVE-2016-3659 Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2016-711 t...

CVSS 8.8 | AI score 9.3 | EPSS 0.00587 | Exploits 2

Amazon
added 2016/06/02 12:0 a.m. | 38 views

Medium: jq

Issue Overview: A heap-based buffer overflow flaw was found in the tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. CVE-2015-8863 Affected Packages: jq...

CVSS 10 | AI score 9.9 | EPSS 0.10165 | Exploits 0

Amazon
added 2016/06/02 12:0 a.m. | 35 views

Medium: libksba

Issue Overview: The following security-related issues were resolved: Incomplete fix for CVE-2016-4356 (CVE-2016-4574); Out-of-bounds read in _ksba_ber_parse_tl (CVE-2016-4579). Affected Packages: libksba Issue Correction: Run yum update libksba or yum update --advisory ALAS-2016-712 to update your system...

CVSS 7.5 | AI score 8.2 | EPSS 0.01327 | Exploits 0

Amazon
added 2016/06/02 12:0 a.m. | 57 views

Medium: ntp

Issue Overview: It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses...

CVSS 7.2 | AI score 7 | EPSS 0.05403 | Exploits 4

Amazon
added 2016/06/02 12:0 a.m. | 42 views

Medium: subversion

Issue Overview: The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an...

CVSS 6.8 | AI score 7 | EPSS 0.07364 | Exploits 0

Amazon
added 2016/06/02 12:0 a.m. | 54 views

Low: kernel

Issue Overview: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a...

CVSS 7.8 | AI score 6.7 | EPSS 0.00082 | Exploits 0

Amazon
added 2016/06/02 12:0 a.m. | 67 views

Medium: php56

Issue Overview: The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456); Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096); Integer overflow in php_html_entities (CVE-2016-5094); Integer overflow in php_filter_full_special_chars...

CVSS 8.6 | AI score 9.6 | EPSS 0.02407 | Exploits 3

Amazon
added 2016/06/02 12:0 a.m. | 66 views

Medium: php55

Issue Overview: The following security-related issues were resolved: Out-of-bounds read in imagescale (CVE-2013-7456); Integer underflow causing arbitrary null write in fread/gzread (CVE-2016-5096); The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3...

CVSS 8.8 | AI score 9.9 | EPSS 0.07576 | Exploits 4

Amazon
added 2016/05/18 12:0 a.m. | 45 views

Medium: nspr, nss-util, nss, nss-softokn

Issue Overview: A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS,...

CVSS 8.8 | AI score 9.3 | EPSS 0.02458 | Exploits 0

Amazon
added 2016/05/18 12:0 a.m. | 70 views

Critical: mysql56

Issue Overview: A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...

CVSS 10 | AI score 6.7 | EPSS 0.21835 | Exploits 1

Amazon
added 2016/05/18 12:0 a.m. | 82 views

Medium: kernel

Issue Overview: The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. CVE-2016-3961 / XSA-174 A flaw was found in the way the Linux kernel's...

CVSS 7.8 | AI score 6.6 | EPSS 0.19535 | Exploits 9

Amazon
added 2016/05/11 12:0 a.m. | 61 views

Critical: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-0686, CVE-2016-0687 It was discovered that the RMI server implementation in...

CVSS 10 | AI score 8.4 | EPSS 0.93287 | Exploits 1

Amazon
added 2016/05/11 12:0 a.m. | 60 views

Important: ImageMagick

Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagi...

CVSS 10 | AI score 6.3 | EPSS 0.93622 | Exploits 13

Amazon
added 2016/05/03 12:0 a.m. | 69 views

Important: php56, php55

Issue Overview: The following security-related issues were resolved: Buffer over-write in finfo_open with malformed magic file (CVE-2015-8865); Signedness vulnerability causing heap overflow in libgd (CVE-2016-3074); Integer overflow in php_raw_url_encode (CVE-2016-4070); Format string vulnerability in...

CVSS 9.8 | AI score 9.3 | EPSS 0.60488 | Exploits 13

Amazon
added 2016/05/03 12:0 a.m. | 62 views

Important: openssl

Issue Overview: A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. (CVE-2016-2107, Important) It was discovered that the ASN.1 parser can misinterpret a...

CVSS 10 | AI score 8.3 | EPSS 0.79963 | Exploits 7

Amazon
added 2016/05/03 12:0 a.m. | 50 views

Important: graphite2

Issue Overview: Several vulnerabilities were discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with...

CVSS 9.3 | AI score 9.2 | EPSS 0.02415 | Exploits 1

Amazon
added 2016/05/03 12:0 a.m. | 39 views

Important: mercurial

Issue Overview: It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. CVE-2016-3068 The binary delta decoder in Mercurial before 3.7...

CVSS 8.8 | AI score 8.3 | EPSS 0.05192 | Exploits 0

Total number of security vulnerabilities: 8694