Docker amazonlinux:1

Vulnerabilities

15 via 15 paths

Dependencies

103

Source

Docker

Target OS

amzn:2018.03

medium severity
new

ALAS-2021-1509

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-12.95.amzn1
  • Fixed in: 7.61.1-12.98.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* curl@7.61.1-12.95.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2021-22898: A vulnerability was found in curl where, due to a flaw in the option parser for sending NEW_ENV variables, libcurl can pass uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol. The highest threat from this vulnerability is to confidentiality. 1964887: CVE-2021-22898 curl: TELNET stack contents disclosure
  • CVE-2021-22876: 1941964: CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer. It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected.

Remediation

Upgrade Amzn:2018.03 curl to version 7.61.1-12.98.amzn1 or higher.


medium severity
new

ALAS-2021-1511

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-292.180.amzn1
  • Fixed in: 2.17-322.181.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* glibc@2.17-292.180.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-29573: A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflow and cause an application crash. The highest threat from this vulnerability is to system availability. 1905213: CVE-2020-29573 glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
  • CVE-2020-10029: 1810670: CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions. A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated, causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability.
  • CVE-2019-25013: 1912960: CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding. A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability.
  • CVE-2019-19126: A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory (making the system think the software is 32-bit only), thus lowering the amount of memory being used with address space layout randomization (ASLR). The highest threat is confidentiality although the complexity of attack is high. The affected application must already have other vulnerabilities for this flaw to be usable. 1774681: CVE-2019-19126 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

Remediation

Upgrade Amzn:2018.03 glibc to version 2.17-322.181.amzn1 or higher.


medium severity
new

ALAS-2021-1511

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-292.180.amzn1
  • Fixed in: 2.17-322.181.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* glibc-common@2.17-292.180.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-29573: A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflow and cause an application crash. The highest threat from this vulnerability is to system availability. 1905213: CVE-2020-29573 glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
  • CVE-2020-10029: 1810670: CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions. A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated, causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability.
  • CVE-2019-25013: 1912960: CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding. A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability.
  • CVE-2019-19126: A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory (making the system think the software is 32-bit only), thus lowering the amount of memory being used with address space layout randomization (ASLR). The highest threat is confidentiality although the complexity of attack is high. The affected application must already have other vulnerabilities for this flaw to be usable. 1774681: CVE-2019-19126 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

Remediation

Upgrade Amzn:2018.03 glibc-common to version 2.17-322.181.amzn1 or higher.


medium severity
new

ALAS-2021-1509

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.61.1-12.95.amzn1
  • Fixed in: 7.61.1-12.98.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* libcurl@7.61.1-12.95.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2021-22898: A vulnerability was found in curl where, due to a flaw in the option parser for sending NEW_ENV variables, libcurl can pass uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol. The highest threat from this vulnerability is to confidentiality. 1964887: CVE-2021-22898 curl: TELNET stack contents disclosure
  • CVE-2021-22876: 1941964: CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer. It was discovered that libcurl did not remove authentication credentials from URLs when automatically populating the Referer HTTP request header while handling HTTP redirects. This could lead to exposure of the credentials to the server to which requests were redirected.

Remediation

Upgrade Amzn:2018.03 libcurl to version 7.61.1-12.98.amzn1 or higher.


medium severity
new

ALAS-2021-1522

  • Vulnerable module: nspr
  • Introduced through: nspr@4.21.0-1.43.amzn1
  • Fixed in: 4.25.0-2.45.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* nspr@4.21.0-1.43.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream nspr package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-6829: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1826187: CVE-2020-6829 nss: Side channel attack on ECDSA signature generation
  • CVE-2020-12403: A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part ChaCha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. 1868931: CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
  • CVE-2020-12402: A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality. 1826231: CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation
  • CVE-2020-12401: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1851294: CVE-2020-12401 nss: ECDSA timing attack mitigation bypass
  • CVE-2020-12400: A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of ECDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1853983: CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
  • CVE-2019-17023: 1791225: CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state. A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.
  • CVE-2019-17006: 1775916: CVE-2019-17006 nss: Check length of inputs for cryptographic primitives. A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability.
  • CVE-2019-11756: 1774835: CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting. A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
  • CVE-2019-11727: 1730988: CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3. A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
  • CVE-2019-11719: 1728436: CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key. When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Amzn:2018.03 nspr to version 4.25.0-2.45.amzn1 or higher.


medium severity
new

ALAS-2021-1518

  • Vulnerable module: nss
  • Introduced through: nss@3.44.0-7.84.amzn1
  • Fixed in: 3.53.1-7.85.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* nss@3.44.0-7.84.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream nss package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-25648: A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. 1887319: CVE-2020-25648 nss: TLS 1.3 CCS flood remote DoS Attack

Remediation

Upgrade Amzn:2018.03 nss to version 3.53.1-7.85.amzn1 or higher.


medium severity
new

ALAS-2021-1522

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.44.0-8.44.amzn1
  • Fixed in: 3.53.1-6.46.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* nss-softokn@3.44.0-8.44.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-softokn package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-6829: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1826187: CVE-2020-6829 nss: Side channel attack on ECDSA signature generation
  • CVE-2020-12403: A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part ChaCha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. 1868931: CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
  • CVE-2020-12402: A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality. 1826231: CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation
  • CVE-2020-12401: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1851294: CVE-2020-12401 nss: ECDSA timing attack mitigation bypass
  • CVE-2020-12400: A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of ECDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1853983: CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
  • CVE-2019-17023: 1791225: CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state. A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.
  • CVE-2019-17006: 1775916: CVE-2019-17006 nss: Check length of inputs for cryptographic primitives. A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability.
  • CVE-2019-11756: 1774835: CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting. A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
  • CVE-2019-11727: 1730988: CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3. A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
  • CVE-2019-11719: 1728436: CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key. When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Amzn:2018.03 nss-softokn to version 3.53.1-6.46.amzn1 or higher.


medium severity
new

ALAS-2021-1522

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.44.0-8.44.amzn1
  • Fixed in: 3.53.1-6.46.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* nss-softokn-freebl@3.44.0-8.44.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-softokn-freebl package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-6829: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1826187: CVE-2020-6829 nss: Side channel attack on ECDSA signature generation
  • CVE-2020-12403: A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part ChaCha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. 1868931: CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
  • CVE-2020-12402: A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality. 1826231: CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation
  • CVE-2020-12401: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1851294: CVE-2020-12401 nss: ECDSA timing attack mitigation bypass
  • CVE-2020-12400: A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of ECDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1853983: CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
  • CVE-2019-17023: 1791225: CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state. A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.
  • CVE-2019-17006: 1775916: CVE-2019-17006 nss: Check length of inputs for cryptographic primitives. A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability.
  • CVE-2019-11756: 1774835: CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting. A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
  • CVE-2019-11727: 1730988: CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3. A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
  • CVE-2019-11719: 1728436: CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key. When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Amzn:2018.03 nss-softokn-freebl to version 3.53.1-6.46.amzn1 or higher.


medium severity
new

ALAS-2021-1518

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.44.0-7.84.amzn1
  • Fixed in: 3.53.1-7.85.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* nss-sysinit@3.44.0-7.84.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-sysinit package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-25648: A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. 1887319: CVE-2020-25648 nss: TLS 1.3 CCS flood remote DoS Attack

Remediation

Upgrade Amzn:2018.03 nss-sysinit to version 3.53.1-7.85.amzn1 or higher.


medium severity
new

ALAS-2021-1518

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.44.0-7.84.amzn1
  • Fixed in: 3.53.1-7.85.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* nss-tools@3.44.0-7.84.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-tools package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-25648: A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. 1887319: CVE-2020-25648 nss: TLS 1.3 CCS flood remote DoS Attack

Remediation

Upgrade Amzn:2018.03 nss-tools to version 3.53.1-7.85.amzn1 or higher.


medium severity
new

ALAS-2021-1522

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.44.0-4.56.amzn1
  • Fixed in: 3.53.1-1.58.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* nss-util@3.44.0-4.56.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-util package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-6829: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1826187: CVE-2020-6829 nss: Side channel attack on ECDSA signature generation
  • CVE-2020-12403: A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part ChaCha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. 1868931: CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
  • CVE-2020-12402: A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality. 1826231: CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation
  • CVE-2020-12401: A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1851294: CVE-2020-12401 nss: ECDSA timing attack mitigation bypass
  • CVE-2020-12400: A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of ECDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality. 1853983: CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
  • CVE-2019-17023: 1791225: CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state. A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.
  • CVE-2019-17006: 1775916: CVE-2019-17006 nss: Check length of inputs for cryptographic primitives. A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability.
  • CVE-2019-11756: 1774835: CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting. A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
  • CVE-2019-11727: 1730988: CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3. A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
  • CVE-2019-11719: 1728436: CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key. When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Remediation

Upgrade Amzn:2018.03 nss-util to version 3.53.1-1.58.amzn1 or higher.


medium severity
new

ALAS-2021-1521

  • Vulnerable module: rpm
  • Introduced through: rpm@4.11.3-40.78.amzn1
  • Fixed in: 4.11.3-40.79.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* rpm@4.11.3-40.78.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. 1927747: CVE-2021-3421 rpm: unsigned signature header leads to string injection into an rpm database
  • CVE-2021-20271: 1934125: CVE-2021-20271 rpm: Signature checks bypass via corrupted rpm package. A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Amzn:2018.03 rpm to version 4.11.3-40.79.amzn1 or higher.

References

medium severity
new

ALAS-2021-1521

  • Vulnerable module: rpm-build-libs
  • Introduced through: rpm-build-libs@4.11.3-40.78.amzn1
  • Fixed in: 4.11.3-40.79.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* rpm-build-libs@4.11.3-40.78.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-build-libs package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity.
1927747: CVE-2021-3421 rpm: unsigned signature header leads to string injection into an rpm database

CVE-2021-20271:
1934125: CVE-2021-20271 rpm: Signature checks bypass via corrupted rpm package
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Amzn:2018.03 rpm-build-libs to version 4.11.3-40.79.amzn1 or higher.

References

medium severity
new

ALAS-2021-1521

  • Vulnerable module: rpm-libs
  • Introduced through: rpm-libs@4.11.3-40.78.amzn1
  • Fixed in: 4.11.3-40.79.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* rpm-libs@4.11.3-40.78.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-libs package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity.
1927747: CVE-2021-3421 rpm: unsigned signature header leads to string injection into an rpm database

CVE-2021-20271:
1934125: CVE-2021-20271 rpm: Signature checks bypass via corrupted rpm package
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Amzn:2018.03 rpm-libs to version 4.11.3-40.79.amzn1 or higher.

References

medium severity
new

ALAS-2021-1521

  • Vulnerable module: rpm-python27
  • Introduced through: rpm-python27@4.11.3-40.78.amzn1
  • Fixed in: 4.11.3-40.79.amzn1

Detailed paths

  • Introduced through: amazonlinux:1@* rpm-python27@4.11.3-40.78.amzn1

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-python27 package. See Remediation section below for Amzn:2018.03 relevant versions.

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity.
1927747: CVE-2021-3421 rpm: unsigned signature header leads to string injection into an rpm database

CVE-2021-20271:
1934125: CVE-2021-20271 rpm: Signature checks bypass via corrupted rpm package
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Amzn:2018.03 rpm-python27 to version 4.11.3-40.79.amzn1 or higher.

References