Docker amazonlinux:2018.03.0.20180827

Vulnerabilities

77 via 77 paths

Dependencies

103

Source

Docker

Target OS

amzn:2018.03
Severity
  • High: 17
  • Medium: 49
  • Low: 11
Status
  • Open: 77
  • Patched: 0
  • Ignored: 0

high severity

ALAS-2019-1298

  • Vulnerable module: libnghttp2
  • Introduced through: libnghttp2@1.21.1-1.4.amzn1
  • Fixed in: 1.31.1-2.5.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libnghttp2@1.21.1-1.4.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2019-9513 (HTTP/2: flood using PRIORITY frames results in excessive resource consumption; Red Hat Bugzilla 1735741): Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
  • CVE-2019-9511 (HTTP/2: large amount of data requests leads to denial of service; Red Hat Bugzilla 1741860): Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams, then manipulates window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References

high severity

ALAS-2020-1404

  • Vulnerable module: libnghttp2
  • Introduced through: libnghttp2@1.21.1-1.4.amzn1
  • Fixed in: 1.33.0-1.1.6.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libnghttp2@1.21.1-1.4.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1404. Package updates are available for Amazon Linux AMI that fix the following vulnerability:

  • CVE-2020-11080 (nghttp2: overly large SETTINGS frames can lead to DoS; Red Hat Bugzilla 1844929): In nghttp2 before version 1.41.0, an overly large HTTP/2 SETTINGS frame payload causes a denial of service. In the proof-of-concept attack a malicious client sends, over and over again, a SETTINGS frame with a payload length of 14,400 bytes (2,400 individual 6-byte settings entries); the server's CPU is driven to 100%. nghttp2 v1.41.0 fixes this vulnerability. Workaround for deployments that cannot upgrade: implement an nghttp2_on_frame_recv_callback and, if the received frame is a SETTINGS frame whose number of settings entries is large (e.g. more than 32), drop the connection.
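The workaround above is a decision made on the frame header alone, so it can be written and tested without nghttp2. The block below is an added example for this page, not code from the advisory or from nghttp2: it decodes the 9-byte HTTP/2 frame header (RFC 7540 section 4.1), and for SETTINGS frames applies the advisory's cut-off of 32 entries, which is what an nghttp2_on_frame_recv_callback implementing the workaround would check. The two extra rejections (payload not a multiple of 6 bytes, non-empty ACK) are RFC 7540 section 6.5 connection errors that I added; the function and constant names are mine.

```c
/* Added example (not nghttp2's or the advisory's code): apply the
 * CVE-2020-11080 workaround rule to a raw HTTP/2 frame header. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define H2_FRAME_HEADER_LEN   9     /* RFC 7540 section 4.1 */
#define H2_FRAME_SETTINGS     0x04  /* RFC 7540 section 6.5 */
#define H2_FLAG_ACK           0x01
#define H2_SETTING_ENTRY_LEN  6     /* 16-bit identifier + 32-bit value */
#define MAX_SETTINGS_ENTRIES  32    /* the advisory's suggested cut-off */

struct h2_frame_header {
    uint32_t length;     /* 24-bit payload length */
    uint8_t  type;
    uint8_t  flags;
    uint32_t stream_id;  /* 31 bits; reserved bit discarded */
};

enum h2_verdict {
    H2_ACCEPT = 0,
    H2_DROP_TOO_MANY_SETTINGS = 1,  /* the CVE-2020-11080 workaround */
    H2_DROP_MALFORMED = 2           /* FRAME_SIZE_ERROR per RFC 7540 6.5 (my addition) */
};

/* Decode the 9-byte frame header; false if the buffer is too short. */
bool h2_parse_frame_header(const uint8_t *buf, size_t len, struct h2_frame_header *out)
{
    if (buf == NULL || out == NULL || len < H2_FRAME_HEADER_LEN)
        return false;
    out->length    = ((uint32_t)buf[0] << 16) | ((uint32_t)buf[1] << 8) | buf[2];
    out->type      = buf[3];
    out->flags     = buf[4];
    out->stream_id = ((uint32_t)(buf[5] & 0x7f) << 24) | ((uint32_t)buf[6] << 16)
                   | ((uint32_t)buf[7] << 8) | buf[8];
    return true;
}

/* The decision an nghttp2_on_frame_recv_callback would make for this header.
 * Only SETTINGS frames are inspected; everything else passes through. */
enum h2_verdict h2_check_frame(const struct h2_frame_header *hdr)
{
    if (hdr->type != H2_FRAME_SETTINGS)
        return H2_ACCEPT;
    if (hdr->length % H2_SETTING_ENTRY_LEN != 0)      /* not whole entries */
        return H2_DROP_MALFORMED;
    if ((hdr->flags & H2_FLAG_ACK) && hdr->length != 0) /* ACK must be empty */
        return H2_DROP_MALFORMED;
    if (hdr->length / H2_SETTING_ENTRY_LEN > MAX_SETTINGS_ENTRIES)
        return H2_DROP_TOO_MANY_SETTINGS;
    return H2_ACCEPT;
}

/* Parse and check a raw header in one step; -1 if it cannot be parsed. */
int h2_verdict_for_bytes(const uint8_t *buf, size_t len)
{
    struct h2_frame_header hdr;
    if (!h2_parse_frame_header(buf, len, &hdr))
        return -1;
    return (int)h2_check_frame(&hdr);
}

/* Header of a SETTINGS frame with `entries` entries on stream 0, i.e. what
 * the advisory's proof-of-concept client sends (2400 entries = 14,400 bytes). */
void h2_build_settings_header(uint32_t entries, uint8_t out[H2_FRAME_HEADER_LEN])
{
    uint32_t length = entries * H2_SETTING_ENTRY_LEN;
    out[0] = (uint8_t)(length >> 16);
    out[1] = (uint8_t)(length >> 8);
    out[2] = (uint8_t)length;
    out[3] = H2_FRAME_SETTINGS;
    out[4] = 0;                             /* no ACK flag */
    out[5] = out[6] = out[7] = out[8] = 0;  /* SETTINGS live on stream 0 */
}

/* Verdict for a synthetic SETTINGS frame of the given size. */
int h2_settings_verdict(uint32_t entries)
{
    uint8_t hdr[H2_FRAME_HEADER_LEN];
    h2_build_settings_header(entries, hdr);
    return h2_verdict_for_bytes(hdr, sizeof hdr);
}

int main(void)
{
    printf("PoC SETTINGS frame (2400 entries): verdict %d\n", h2_settings_verdict(2400));
    printf("normal SETTINGS frame (6 entries):  verdict %d\n", h2_settings_verdict(6));
    return 0;
}
```

Dropping on the header, before the payload is even read, is the point: the cost of the attack to the server is the per-entry processing, so the decision has to be made from the length field rather than after applying the settings.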

Remediation

Upgrade libnghttp2 to version 1.33.0-1.1.6.amzn1 or higher (this release is also above the ALAS-2019-1298 fix, 1.31.1-2.5.amzn1, so one upgrade closes both advisories).
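Every entry on this page reduces to the same check: is the installed Amazon Linux package release older than the "Fixed in" release? RPM versions are not plain strings (1.21.1 is older than 1.31.1 but newer than 1.4.2, "1:" is an epoch that outranks everything after it), so the comparison needs rpm's rules. The block below is an added example written for this page, not rpm's or Snyk's code; it implements rpmvercmp's segment rules (numeric segments compare numerically, alpha segments byte-wise, numeric beats alpha, "~" sorts before anything) and the epoch:version-release ordering. Caret ("^") handling is left out, and the function and struct names are mine.

```c
/* Added example, written for this page (not rpm's or Snyk's code): decides
 * whether an installed Amazon Linux package is older than an advisory's
 * "Fixed in" release. Segment rules follow rpm's rpmvercmp: split on
 * non-alphanumerics; numeric segments compare numerically, alpha ones
 * byte-wise, numeric beats alpha, '~' sorts before anything. EVR is
 * [epoch:]version[-release], missing epoch = 0; '^' handling is omitted. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EVR_FIELD 64
struct rpm_evr { char epoch[EVR_FIELD], version[EVR_FIELD], release[EVR_FIELD]; };

/* One segment pair: numeric drops leading zeros and longer wins; else bytewise. */
static int cmp_segment(const char *a, size_t la, const char *b, size_t lb, bool isnum)
{
    if (isnum) {
        while (la > 0 && *a == '0') { a++; la--; }
        while (lb > 0 && *b == '0') { b++; lb--; }
        if (la != lb) return la > lb ? 1 : -1;
    }
    int rc = memcmp(a, b, la < lb ? la : lb);
    if (rc != 0) return rc < 0 ? -1 : 1;
    return la == lb ? 0 : (la > lb ? 1 : -1);
}

/* rpmvercmp-style comparison of two version (or release) strings: -1, 0, 1. */
int rpm_vercmp(const char *one, const char *two)
{
    if (strcmp(one, two) == 0) return 0;
    while (*one || *two) {
        while (*one && !isalnum((unsigned char)*one) && *one != '~') one++;
        while (*two && !isalnum((unsigned char)*two) && *two != '~') two++;
        if (*one == '~' || *two == '~') {            /* pre-release marker */
            if (*one != '~') return 1;
            if (*two != '~') return -1;
            one++; two++;
            continue;
        }
        if (!(*one && *two)) break;
        const char *p = one, *q = two;
        bool isnum = isdigit((unsigned char)*one) != 0;
        if (isnum) { while (isdigit((unsigned char)*p)) p++; while (isdigit((unsigned char)*q)) q++; }
        else       { while (isalpha((unsigned char)*p)) p++; while (isalpha((unsigned char)*q)) q++; }
        if (q == two) return isnum ? 1 : -1;         /* numeric segment beats alpha */
        int rc = cmp_segment(one, (size_t)(p - one), two, (size_t)(q - two), isnum);
        if (rc != 0) return rc;
        one = p; two = q;
    }
    if (!*one && !*two) return 0;
    return *one ? 1 : -1;                            /* leftover segments = newer */
}

static void copy_span(char *dst, const char *src, size_t n)
{
    if (n >= EVR_FIELD) n = EVR_FIELD - 1;           /* truncate, never overflow */
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Split "[epoch:]version[-release]" into its three fields. */
void rpm_evr_split(const char *evr, struct rpm_evr *out)
{
    const char *v = evr, *colon = strchr(evr, ':');
    if (colon) { copy_span(out->epoch, evr, (size_t)(colon - evr)); v = colon + 1; }
    else        copy_span(out->epoch, "0", 1);
    const char *dash = strchr(v, '-');
    copy_span(out->version, v, dash ? (size_t)(dash - v) : strlen(v));
    copy_span(out->release, dash ? dash + 1 : "", dash ? strlen(dash + 1) : 0);
}

/* Epoch first, then version, then release, exactly as rpm orders packages. */
int rpm_evr_cmp(const char *a, const char *b)
{
    struct rpm_evr x, y;
    rpm_evr_split(a, &x);
    rpm_evr_split(b, &y);
    int rc = rpm_vercmp(x.epoch, y.epoch);
    if (rc == 0) rc = rpm_vercmp(x.version, y.version);
    if (rc == 0) rc = rpm_vercmp(x.release, y.release);
    return rc;
}

/* True when the installed EVR is older than the advisory's "Fixed in" EVR. */
bool rpm_is_vulnerable(const char *installed, const char *fixed_in)
{
    return rpm_evr_cmp(installed, fixed_in) < 0;
}

int main(void)
{
    /* installed / fixed pairs taken from this page's entries */
    printf("libnghttp2: %s\n", rpm_is_vulnerable("1.21.1-1.4.amzn1", "1.33.0-1.1.6.amzn1") ? "VULNERABLE" : "fixed");
    printf("openssl:    %s\n", rpm_is_vulnerable("1:1.0.2k-12.110.amzn1", "1:1.0.2k-16.151.amzn1") ? "VULNERABLE" : "fixed");
    return 0;
}
```

The epoch matters in practice: the openssl entry above carries "1:" on both sides, and if a tool or a human drops it from one side the comparison silently flips, as the test for "1:1.0.2k-12.110.amzn1" against the epoch-less "1.0.2k-16.151.amzn1" shows. Feed this the output of `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' <pkg>` (epoch prints as "(none)" when unset, which must be mapped to 0 before comparing).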

References

high severity

ALAS-2019-1254

  • Vulnerable module: libssh2
  • Introduced through: libssh2@1.4.2-2.13.amzn1
  • Fixed in: 1.4.2-3.12.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libssh2@1.4.2-2.13.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2019-3863 (libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes; Red Hat Bugzilla 1687313): A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard-interactive response messages whose total length is greater than the maximum value of an unsigned char. This value is used as an index when copying memory, causing an out-of-bounds memory write.
  • CVE-2019-3857 (libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write; Red Hat Bugzilla 1687305): An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
  • CVE-2019-3856 (libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write; Red Hat Bugzilla 1687304): An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
  • CVE-2019-3855 (libssh2: Integer overflow in transport read resulting in out of bounds write; Red Hat Bugzilla 1687303): An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

All four are client-side bugs triggered by a malicious or compromised server, so the exposure is any component in the image that uses libssh2 as an SSH client (for example libcurl's scp/sftp support where it is built against libssh2). The Amazon Linux fix, 1.4.2-3.12.amzn1, is a backport onto the 1.4.2 package line: compare installed versions against that package release, not against the upstream 1.8.1 number.

References

high severity

ALAS-2020-1415

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.3.49.amzn1
  • Fixed in: 2.9.1-6.4.40.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libxml2@2.9.1-6.3.49.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1415. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2018-14567 (libxml2: Infinite loop caused by incorrect error detection during LZMA decompression; Red Hat Bugzilla 1619875): libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint; a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
  • CVE-2018-14404 (libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c; Red Hat Bugzilla 1595985): A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
  • CVE-2017-18258 (libxml2: Unrestricted memory usage in xz_head() function in xzlib.c; Red Hat Bugzilla 1566749): The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
  • CVE-2017-15412 (libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c; Red Hat Bugzilla 1523128): Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  • CVE-2016-5131 (libxml2: Use after free triggered by XPointer paths beginning with range-to; Red Hat Bugzilla 1358641): Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
  • CVE-2015-8035 (libxml2: DoS caused by incorrect error detection during XZ decompression; Red Hat Bugzilla 1277146): The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

The installed package is a 2.9.1 build with backported fixes, so the upstream ranges quoted above ("before 2.9.5", "through 2.9.8") do not apply directly; the fixed package release is what to compare against. Three of the six issues sit in the xz/LZMA input path and only matter where libxml2 is built with lzma support and fed compressed input; the two use-after-frees and the XPath NULL dereference are reachable from ordinary untrusted XML, XSLT and XPath.

Remediation

Upgrade libxml2 to version 2.9.1-6.4.40.amzn1 or higher.

References

high severity

ALAS-2020-1415

  • Vulnerable module: libxml2-python27
  • Introduced through: libxml2-python27@2.9.1-6.3.49.amzn1
  • Fixed in: 2.9.1-6.4.40.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libxml2-python27@2.9.1-6.3.49.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1415. The advisory text (CVE-2018-14567, CVE-2018-14404, CVE-2017-18258, CVE-2017-15412, CVE-2016-5131, CVE-2015-8035) is identical to the ALAS-2020-1415 entry for libxml2 above and is not repeated here; libxml2-python27 is the Python 2.7 binding built from the same source package, at the same version.

Remediation

Upgrade libxml2-python27 to version 2.9.1-6.4.40.amzn1 or higher (together with libxml2, since both come from the same source package).

References

high severity

ALAS-2020-1355

  • Vulnerable module: nspr
  • Introduced through: nspr@4.13.1-1.0.39.amzn1
  • Fixed in: 4.21.0-1.43.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nspr@4.13.1-1.0.39.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2019-11745 (nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate; Red Hat Bugzilla 1774831): A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla NSS. When encrypting with a block cipher, a call to NSC_EncryptUpdate with data smaller than the block size could cause a small out-of-bounds write, leading to heap corruption and a potentially exploitable crash. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations to execute arbitrary code with the permissions of the user running the application (compiled with NSS). While the attack complexity is high, the impact to confidentiality, integrity, and availability is high as well. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
  • CVE-2019-11729 (nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault; Red Hat Bugzilla 1728437): Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
  • CVE-2018-12404 (nss: Cache side-channel variant of the Bleichenbacher attack; Red Hat Bugzilla 1657913): A cache side-channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the adaptive chosen-ciphertext attack (the Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
  • CVE-2018-0495 (ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries; Red Hat Bugzilla 1591163, which also tracks the openssl and nss instances): the advisory carries the Libgcrypt wording of this CVE: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. The same weakness in NSS's ECDSA signing is why it appears in this NSS advisory.

The two side-channel issues only matter where the image holds private keys and an attacker can run code on the same host; the two memory-safety bugs are reachable from network input (SRTP, ECDH key exchange) by whatever in the image uses NSS for TLS.

References

high severity

ALAS-2020-1355

  • Vulnerable module: nss
  • Introduced through: nss@3.28.4-12.80.amzn1
  • Fixed in: 3.44.0-7.84.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss@3.28.4-12.80.amzn1

Overview

Same advisory as the ALAS-2020-1355 entry for nspr above; the overview text (CVE-2019-11745, CVE-2019-11729, CVE-2018-12404, CVE-2018-0495) is identical and is not repeated here.

References

high severity

ALAS-2020-1355

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.28.3-8.41.amzn1
  • Fixed in: 3.44.0-8.44.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss-softokn@3.28.3-8.41.amzn1

Overview

Same advisory as the ALAS-2020-1355 entry for nspr above; the overview text (CVE-2019-11745, CVE-2019-11729, CVE-2018-12404, CVE-2018-0495) is identical and is not repeated here.

References

high severity

ALAS-2020-1355

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.28.3-8.41.amzn1
  • Fixed in: 3.44.0-8.44.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss-softokn-freebl@3.28.3-8.41.amzn1

Overview

Same advisory as the ALAS-2020-1355 entry for nspr above; the overview text (CVE-2019-11745, CVE-2019-11729, CVE-2018-12404, CVE-2018-0495) is identical and is not repeated here.

References

high severity

ALAS-2020-1355

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.28.4-12.80.amzn1
  • Fixed in: 3.44.0-7.84.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss-sysinit@3.28.4-12.80.amzn1

Overview

Same advisory as the ALAS-2020-1355 entry for nspr above; the overview text (CVE-2019-11745, CVE-2019-11729, CVE-2018-12404, CVE-2018-0495) is identical and is not repeated here.

References

high severity

ALAS-2020-1355

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.28.4-12.80.amzn1
  • Fixed in: 3.44.0-7.84.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss-tools@3.28.4-12.80.amzn1

Overview

Same advisory as the ALAS-2020-1355 entry for nspr above; the overview text (CVE-2019-11745, CVE-2019-11729, CVE-2018-12404, CVE-2018-0495) is identical and is not repeated here.

References

high severity

ALAS-2020-1355

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.28.4-3.53.amzn1
  • Fixed in: 3.44.0-4.56.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss-util@3.28.4-3.53.amzn1

Overview

Same advisory as the ALAS-2020-1355 entry for nspr above; the overview text (CVE-2019-11745, CVE-2019-11729, CVE-2018-12404, CVE-2018-0495) is identical and is not repeated here.

References

high severity

ALAS-2020-1345

  • Vulnerable module: openssl
  • Introduced through: openssl@1:1.0.2k-12.110.amzn1
  • Fixed in: 1:1.0.2k-16.151.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* openssl@1:1.0.2k-12.110.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2020-2659: 99999: 1791284: CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2020-2654: 1791217: CVE-2020-2654 OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037). Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 99999:

CVE-2020-2604: 1790944: CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 99999:

CVE-2020-2601: 1790570: CVE-2020-2601 OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). 99999:

CVE-2020-2593: 1790884: CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). 99999:

CVE-2020-2590: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 1790556: CVE-2020-2590 OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352). 99999:

CVE-2020-2583: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 1790444: CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909). 99999:

References

high severity

ALAS-2020-1456

  • Vulnerable module: openssl
  • Introduced through: openssl@1:1.0.2k-12.110.amzn1
  • Fixed in: 1:1.0.2k-16.152.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* openssl@1:1.0.2k-12.110.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1456. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-1971: 1903409: CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference. A NULL pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause an application compiled with openssl to crash, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade openssl to version or higher.

References

high severity

ALAS-2018-1076

  • Vulnerable module: pcre
  • Introduced through: pcre@8.21-7.7.amzn1
  • Fixed in: 8.21-7.8.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* pcre@8.21-7.7.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2016-3191: The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. 1311503: CVE-2016-3191 pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

References

high severity

ALAS-2019-1258

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.129.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2019-9948: 1695570: CVE-2019-9948 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms. urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

CVE-2019-10160: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send it to a different host than it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. 1718388: CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc.

References

high severity

ALAS-2019-1258

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.129.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2019-9948: 1695570: CVE-2019-9948 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms. urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

CVE-2019-10160: A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send it to a different host than it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. 1718388: CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc.

References

medium severity

ALAS-2020-1379

  • Vulnerable module: bash
  • Introduced through: bash@4.2.46-28.37.amzn1
  • Fixed in: 4.2.46-34.43.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* bash@4.2.46-28.37.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1379. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-9924: 1691774: CVE-2019-9924 bash: BASH_CMD is writable in restricted bash shells rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

Remediation

Upgrade bash to version or higher.

References

medium severity

ALAS-2019-1151

  • Vulnerable module: curl
  • Introduced through: curl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-7.91.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* curl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2018-20483: 1662705: CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c. set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

CVE-2018-0500: 1597101: CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP. A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.

References

medium severity

ALAS-2019-1294

  • Vulnerable module: curl
  • Introduced through: curl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-12.93.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* curl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2019-5482: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. 1749652: CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet().

CVE-2019-5481: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. 1749402: CVE-2019-5481 curl: double free due to subsequent call of realloc().

References

medium severity

ALAS-2020-1411

  • Vulnerable module: curl
  • Introduced through: curl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-12.94.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* curl@7.53.1-16.84.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1411. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-8177: No description is available for this CVE. 1847915: CVE-2020-8177 curl: command line arguments lead to local file overwrite

Remediation

Upgrade curl to version or higher.

References

medium severity

ALAS-2020-1364

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.21.amzn1
  • Fixed in: 2.1.0-11.22.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* expat@2.1.0-10.21.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2015-2716: Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. 99999: CVE-2015-2716 expat: Integer overflow leading to buffer overflow in XML_GetBuffer()

References

medium severity

new

ALAS-2021-1459

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-10.21.amzn1
  • Fixed in: 2.1.0-12.24.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* expat@2.1.0-10.21.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2021-1459. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2019-15903: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. 1752592: CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input.

CVE-2018-20843: It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. 1723723: CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS.

Remediation

Upgrade expat to version or higher.

References

medium severity

ALAS-2019-1186

  • Vulnerable module: file-libs
  • Introduced through: file-libs@5.30-11.34.amzn1
  • Fixed in: 5.34-3.37.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* file-libs@5.30-11.34.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2019-8907: 1679138: CVE-2019-8907 file: do_core_note in readelf.c allows remote attackers to cause a denial of service. do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

CVE-2019-8906: 1679175: CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c. do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

CVE-2019-8905: 1679181: CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c. do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

CVE-2019-8904: 1679188: CVE-2019-8904 file: stack-based buffer over-read in do_bid_note in readelf.c. do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

References

medium severity

ALAS-2019-1326

  • Vulnerable module: file-libs
  • Introduced through: file-libs@5.30-11.34.amzn1
  • Fixed in: 5.37-8.48.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* file-libs@5.30-11.34.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-18218: 99999: CVE-2019-18218 file: heap-based buffer overflow in cdf_read_property_info in cdf.c cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

References

medium severity

ALAS-2019-1256

  • Vulnerable module: glib2
  • Introduced through: glib2@2.36.3-5.18.amzn1
  • Fixed in: 2.36.3-5.21.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* glib2@2.36.3-5.18.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-12450: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. 1719141: CVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress

References

medium severity

ALAS-2018-1109

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-222.173.amzn1
  • Fixed in: 2.17-260.175.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* glibc@2.17-222.173.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2018-6485: 1542102: CVE-2018-6485 glibc: Integer overflow in posix_memalign in memalign functions. An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

CVE-2018-11237: A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code. 1581274: CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper.

CVE-2018-11236: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. 1581269: CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow.

CVE-2017-16997: 1526865: CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries. elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.

References

medium severity

ALAS-2019-1320

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-222.173.amzn1
  • Fixed in: 2.17-292.178.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* glibc@2.17-222.173.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2016-10739: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. 99999: CVE-2016-10739 glibc: getaddrinfo should reject IP addresses with trailing characters

References

medium severity

ALAS-2018-1109

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-222.173.amzn1
  • Fixed in: 2.17-260.175.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* glibc-common@2.17-222.173.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2018-6485: 1542102: CVE-2018-6485 glibc: Integer overflow in posix_memalign in memalign functions. An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

CVE-2018-11237: A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code. 1581274: CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper.

CVE-2018-11236: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. 1581269: CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow.

CVE-2017-16997: 1526865: CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries. elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.

References

medium severity

ALAS-2019-1320

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-222.173.amzn1
  • Fixed in: 2.17-292.178.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* glibc-common@2.17-222.173.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2016-10739: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. 99999: CVE-2016-10739 glibc: getaddrinfo should reject IP addresses with trailing characters

References

medium severity

ALAS-2018-1010

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-8.43.amzn1
  • Fixed in: 1.15.1-19.43.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* krb5-libs@1.15.1-8.43.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2017-7562: An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. 1485510: CVE-2017-7562 krb5: Authentication bypass by improper validation of certificate EKU and SAN.

CVE-2017-11368: 1473560: CVE-2017-11368 krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure. A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.

References

medium severity

ALAS-2020-1374

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-8.43.amzn1
  • Fixed in: 1.15.1-46.48.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* krb5-libs@1.15.1-8.43.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1374. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-20217: 1665296: CVE-2018-20217 krb5: Reachable assertion in the KDC using S4U2Self requests A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

Remediation

Upgrade krb5-libs to version or higher.

References

medium severity

new

ALAS-2021-1458

  • Vulnerable module: libcom_err
  • Introduced through: libcom_err@1.42.12-4.40.amzn1
  • Fixed in: 1.43.5-2.44.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcom_err@1.42.12-4.40.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2021-1458. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2019-5188: 1790048: CVE-2019-5188 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c. A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

CVE-2019-5094: 1768555: CVE-2019-5094 e2fsprogs: Crafted ext4 partition leads to out-of-bounds write. An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade libcom_err to version or higher.

References

medium severity

ALAS-2019-1151

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-7.91.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcurl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

CVE-2018-20483: 1662705: CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c. set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

CVE-2018-0500: 1597101: CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP. A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.

References

medium severity

ALAS-2019-1294

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-12.93.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcurl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-5482: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. 1749652: CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet() CVE-2019-5481: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. 1749402: CVE-2019-5481 curl: double free due to subsequent call of realloc()

References

medium severity

ALAS-2020-1411

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-12.94.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcurl@7.53.1-16.84.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1411. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-8177: No description is available for this CVE. 1847915: CVE-2020-8177 curl: command line arguments lead to local file overwrite

Remediation

Upgrade libcurl to version or higher.

References

medium severity

ALAS-2020-1361

  • Vulnerable module: libicu
  • Introduced through: libicu@50.1.2-11.12.amzn1
  • Fixed in: 50.2-4.0.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libicu@50.1.2-11.12.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-10531: 1807349: CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend() An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

References

medium severity

ALAS-2019-1327

  • Vulnerable module: libidn2
  • Introduced through: libidn2@0.16-1.2.amzn1
  • Fixed in: 2.3.0-1.4.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libidn2@0.16-1.2.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-18224: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. 99999: CVE-2019-18224 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c CVE-2019-12290: 99999:

References

medium severity

ALAS-2018-1072

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.3.49.amzn1
  • Fixed in: 2.9.1-6.3.52.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libxml2@2.9.1-6.3.49.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-14404: 1595985: CVE-2018-14404 libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression. Applications processing untrusted XSL format inputs with the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

References

medium severity

ALAS-2020-1438

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.3.49.amzn1
  • Fixed in: 2.9.1-6.4.41.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libxml2@2.9.1-6.3.49.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1438. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-7595: 1799786: CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2019-20388: 1799734: CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. CVE-2019-19956: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. 1788856: CVE-2019-19956 libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c

Remediation

Upgrade libxml2 to version or higher.

References

medium severity

ALAS-2018-1072

  • Vulnerable module: libxml2-python27
  • Introduced through: libxml2-python27@2.9.1-6.3.49.amzn1
  • Fixed in: 2.9.1-6.3.52.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libxml2-python27@2.9.1-6.3.49.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-14404: 1595985: CVE-2018-14404 libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression. Applications processing untrusted XSL format inputs with the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

References

medium severity

ALAS-2020-1438

  • Vulnerable module: libxml2-python27
  • Introduced through: libxml2-python27@2.9.1-6.3.49.amzn1
  • Fixed in: 2.9.1-6.4.41.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libxml2-python27@2.9.1-6.3.49.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1438. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-7595: 1799786: CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2019-20388: 1799734: CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. CVE-2019-19956: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. 1788856: CVE-2019-19956 libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c

Remediation

Upgrade libxml2-python27 to version or higher.

References

medium severity

ALAS-2018-1095

  • Vulnerable module: nss
  • Introduced through: nss@3.28.4-12.80.amzn1
  • Fixed in: 3.36.0-5.82.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss@3.28.4-12.80.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-12384: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. 1622089: CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

References

medium severity

ALAS-2018-1095

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.28.4-12.80.amzn1
  • Fixed in: 3.36.0-5.82.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss-sysinit@3.28.4-12.80.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-12384: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. 1622089: CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

References

medium severity

ALAS-2018-1095

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.28.4-12.80.amzn1
  • Fixed in: 3.36.0-5.82.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* nss-tools@3.28.4-12.80.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-12384: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. 1622089: CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

References

medium severity

ALAS-2018-1098

  • Vulnerable module: openssl
  • Introduced through: openssl@1:1.0.2k-12.110.amzn1
  • Fixed in: 1:1.0.2k-13.111.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* openssl@1:1.0.2k-12.110.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). 1591100: CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang

References

medium severity

ALAS-2018-1102

  • Vulnerable module: openssl
  • Introduced through: openssl@1:1.0.2k-12.110.amzn1
  • Fixed in: 1:1.0.2k-16.146.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* openssl@1:1.0.2k-12.110.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources, so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). 1561266: CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service CVE-2018-0495: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. 1591163: CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries CVE-2017-3735: 1486144: CVE-2017-3735 openssl: Malformed X.509 IPAddressFamily could cause OOB read While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

References

medium severity

ALAS-2019-1188

  • Vulnerable module: openssl
  • Introduced through: openssl@1:1.0.2k-12.110.amzn1
  • Fixed in: 1:1.0.2k-16.150.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* openssl@1:1.0.2k-12.110.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-1559: 1683804: CVE-2019-1559 openssl: 0-byte record padding oracle If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one), then OpenSSL can respond differently to the calling application if a 0-byte record is received with invalid padding compared to if a 0-byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable, "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also, the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this, but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). CVE-2018-5407: A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. 1645695: CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)

References

medium severity

ALAS-2018-1108

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.15-1.124.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-1061: 1549192: CVE-2018-1061 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVE-2018-1060: A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service. 1549191: CVE-2018-1060 python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib

References

medium severity

ALAS-2019-1169

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.125.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-5010: 1666519: CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if the application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.

References

medium severity

ALAS-2019-1230

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.127.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-9947: 1695572: CVE-2019-9947 python: improper neutralization of CRLF sequences in urllib module An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. CVE-2019-9740: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. 1688169: CVE-2019-9740 python: improper neutralization of CRLF sequences in urllib module CVE-2019-9636: 1688543: CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.

References

medium severity

ALAS-2019-1314

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.130.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-16056: 99999: CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

References

medium severity

ALAS-2020-1342

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.131.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-16935: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. 1763229: CVE-2019-16935 python: XSS vulnerability in the documentation XML-RPC server in server_title field

References

medium severity

ALAS-2020-1375

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-1.137.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1375. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-18348: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) 1727276: CVE-2019-18348 python: CRLF injection via the host part of the url passed to urlopen() CVE-2018-20852: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. 1740347: CVE-2018-20852 python: Cookie domain check returns incorrect results

Remediation

Upgrade python27 to version or higher.

References

medium severity

ALAS-2020-1407

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-1.138.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1407. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-8492: 1809065: CVE-2020-8492 python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Remediation

Upgrade python27 to version or higher.

References

medium severity

ALAS-2020-1427

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-2.139.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1427. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-20907: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. 1856481: CVE-2019-20907 python: infinite loop in the tarfile module via crafted TAR archive

Remediation

Upgrade python27 to version or higher.

References

medium severity

ALAS-2020-1454

  • Vulnerable module: python27
  • Introduced through: python27@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-2.140.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1454. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-26116: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. 1883014: CVE-2020-26116 python: CRLF injection via HTTP request method in httplib/http.client

Remediation

Upgrade python27 to version or higher.

References

medium severity

ALAS-2018-1108

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.15-1.124.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2018-1061: 1549192: CVE-2018-1061 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVE-2018-1060: A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service. 1549191: CVE-2018-1060 python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib

References

medium severity

ALAS-2019-1169

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.125.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-5010: 1666519: CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if the application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.

References

medium severity

ALAS-2019-1230

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.127.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-9947: 1695572: CVE-2019-9947 python: improper neutralization of CRLF sequences in urllib module An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. CVE-2019-9740: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. 1688169: CVE-2019-9740 python: improper neutralization of CRLF sequences in urllib module CVE-2019-9636: 1688543: CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.

References

medium severity

ALAS-2019-1314

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.130.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-16056: 99999: CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

References

medium severity

ALAS-2020-1342

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.16-1.131.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-16935: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. 1763229: CVE-2019-16935 python: XSS vulnerability in the documentation XML-RPC server in server_title field

References

medium severity

ALAS-2020-1375

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-1.137.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1375. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2019-18348: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) 1727276: CVE-2019-18348 python: CRLF injection via the host part of the url passed to urlopen() CVE-2018-20852: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. 1740347: CVE-2018-20852 python: Cookie domain check returns incorrect results

Remediation

Upgrade python27-libs to version or higher.

References

medium severity

ALAS-2020-1407

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-1.138.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1407. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2020-8492: 1809065: CVE-2020-8492 python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Remediation

Upgrade python27-libs to version or higher.

References

medium severity

ALAS-2020-1427

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-2.139.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1427. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2019-20907 (1856481: python: infinite loop in the tarfile module via crafted TAR archive): In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
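The missing validation in _proc_pax concerns the length field of pax extended-header records: the loop advances by whatever length the record claims, and a record claiming length 0 never advances. The block below is an added example, not CPython's tarfile code and not part of this advisory: a minimal parser for the body of a pax header that models the unbounded loop (with an artificial iteration cap so it terminates here) beside a parser that rejects records that cannot make progress. The record format is the standard pax "<length> <keyword>=<value>\n"; the function names and the sample records are mine, and the checks are deliberately stricter than the upstream fix, which only rejected a zero length.

```python
"""Added example, not CPython's tarfile code: a minimal pax record parser
showing the loop condition behind CVE-2019-20907 and the validation that
prevents it."""
import re
from typing import Dict

# A pax record is "<decimal length> <keyword>=<value>\n"; the length counts
# the whole record, including the digits themselves and the trailing newline.
_RECORD = re.compile(rb"(\d+) ([^=]+)=")


def unchecked_loop_iterations(buf: bytes, limit: int) -> int:
    """Model of the unvalidated loop: `pos` moves by the record's own length
    field.  A record claiming length 0 never advances, so this spins until
    `limit`; the real code had no limit, hence the hang."""
    pos, iterations = 0, 0
    while iterations < limit:
        m = _RECORD.match(buf, pos)
        if not m:
            break
        iterations += 1
        pos += int(m.group(1))
    return iterations


def parse_pax_records(buf: bytes) -> Dict[str, str]:
    """Parse pax records, refusing any record that cannot make progress."""
    records: Dict[str, str] = {}
    pos = 0
    while pos < len(buf):
        if buf[pos:pos + 1] == b"\x00":
            break                          # NUL padding at the end of the block
        m = _RECORD.match(buf, pos)
        if not m:
            raise ValueError(f"malformed pax record at offset {pos}")
        length = int(m.group(1))
        minimum = m.end() - pos + 1        # digits, space, keyword, '=' and '\n'
        # Stricter than the upstream fix (which rejected length == 0): the
        # length must cover at least what we matched plus the newline, must
        # not run past the buffer, and the record must really end in '\n'.
        if (length < minimum or pos + length > len(buf)
                or buf[pos + length - 1:pos + length] != b"\n"):
            raise ValueError(f"invalid pax record length {length} at offset {pos}")
        keyword = m.group(2).decode("utf-8")
        records[keyword] = buf[m.end():pos + length - 1].decode("utf-8")
        pos += length
    return records


def is_valid_pax(buf: bytes) -> bool:
    """True if every record parses; False for the crafted ones."""
    try:
        parse_pax_records(buf)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed records: two well-formed ones and one claiming length 0.
    print(parse_pax_records(b"12 path=abc\n27 mtime=1600000000.123456\n"))
    print("iterations before the safety cap:",
          unchecked_loop_iterations(b"0 path=abc\n", limit=1000))
    print("crafted record accepted:", is_valid_pax(b"0 path=abc\n"))
```

The same progress argument applies to any length-prefixed record format: every iteration must consume at least one byte, and the bound should be checked against the buffer rather than trusted from the input.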

Remediation

Upgrade python27-libs to version 2.7.18-2.139.amzn1 or higher.

References

medium severity

ALAS-2020-1454

  • Vulnerable module: python27-libs
  • Introduced through: python27-libs@2.7.14-1.123.amzn1
  • Fixed in: 2.7.18-2.140.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* python27-libs@2.7.14-1.123.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1454. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-26116 (1883014: python: CRLF injection via HTTP request method in httplib/http.client): http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. The CVE text enumerates only Python 3 ranges; the same code path exists in Python 2.7's httplib, and Amazon Linux ships the fix for its 2.7 package in the release named under "Fixed in" above.
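CVE-2019-18348 (ALAS-2020-1375, CR/LF in the host) and CVE-2020-26116 (this advisory, CR/LF in the method) are the same defect at two interpolation points: a piece of the request head is written to the wire without checking that it cannot contain a line break. The block below is an added example that serves both entries; it is not CPython's http.client or urllib code and not part of either advisory. It models how a client assembles the request head, once without validation so the injected header is visible, and once with the checks that refuse it. The function names, the character-class rules (taken from the RFC 7230 token and CTL definitions) and the sample inputs are mine; the split-on-CRLF server view is a simplification.

```python
"""Added example, not CPython's http.client or urllib code: a model of
request-head assembly without validation (the behaviour behind
CVE-2019-18348 for the host and CVE-2020-26116 for the method) and with the
checks that stop the injection."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# RFC 7230 forbids CTL octets (and DEL) in the request line and header
# fields; CR and LF in particular terminate a line, which is exactly what an
# injected header needs.
_CTL = re.compile(r"[\x00-\x1f\x7f]")
# Conservative host[:port] shape; IPv6 literals keep their brackets.
_HOST = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d{1,5})?$")
# RFC 7230 "token": the only characters a method may contain.
_METHOD = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def build_head_unchecked(method: str, host: str, path: str,
                         headers: Optional[Dict[str, str]] = None) -> bytes:
    """Naive assembly: every piece is interpolated as-is."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{k}: {v}" for k, v in (headers or {}).items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def head_lines(raw: bytes) -> List[str]:
    """Split a request head into lines the way a server's parser does."""
    return raw.decode("latin-1").rstrip("\r\n").split("\r\n")


def build_head(method: str, url: str,
               headers: Optional[Dict[str, str]] = None) -> bytes:
    """Validated assembly: refuse anything that could alter line structure."""
    # Check the raw URL first: urlsplit() in current Python silently strips
    # \r, \n and \t before parsing, so checking only its output would miss them.
    if _CTL.search(url):
        raise ValueError("control character in URL")
    if not _METHOD.match(method):
        raise ValueError(f"invalid HTTP method {method!r}")
    parts = urlsplit(url)
    if not _HOST.match(parts.netloc):
        raise ValueError(f"invalid host {parts.netloc!r}")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    for name, value in (headers or {}).items():
        if _CTL.search(name) or _CTL.search(value):
            raise ValueError(f"control character in header {name!r}")
    return build_head_unchecked(method, parts.netloc, path, headers)


def rejects(method: str, url: str) -> bool:
    """True if the validated builder refuses this method/URL pair."""
    try:
        build_head(method, url)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker-controlled inputs, one per CVE.
    print(head_lines(build_head_unchecked("GET", "example.com\r\nX-Injected: 1", "/")))
    print(head_lines(build_head_unchecked("GET /other HTTP/1.1\r\nX-Injected: 1\r\nGET",
                                          "example.com", "/")))
    print(rejects("GET", "http://example.com\r\nX-Injected: 1/"),
          rejects("GET /other HTTP/1.1\r\nX-Injected: 1\r\nGET", "http://example.com/"),
          rejects("GET", "http://[::1]:8080/health"))
```

Rejecting rather than stripping is deliberate: a client that removes the CR/LF and sends the rest still lets the caller pass attacker-shaped data where a fixed token was expected, and that is the class of bug both advisories describe.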

Remediation

Upgrade python27-libs to version 2.7.18-2.140.amzn1 or higher.

References

low severity

ALAS-2018-1112

  • Vulnerable module: curl
  • Introduced through: curl@7.53.1-16.84.amzn1
  • Fixed in: 7.53.1-16.85.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* curl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2018-14618 (1622707: curl: NTLM password overflow via integer overflow): curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to work out how large a temporary storage area to allocate from the heap. The length value is then used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to be allocated instead of the intended very large one, so that use of the buffer ends in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) The precondition is a 32-bit size_t, so 64-bit builds are not affected by this particular issue.

References

low severity

ALAS-2019-1148

  • Vulnerable module: curl
  • Introduced through: curl@7.53.1-16.84.amzn1
  • Fixed in: 7.53.1-16.86.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* curl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2018-16842 (1644124: curl: Heap-based buffer over-read in the curl tool warning formatting): Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
  • CVE-2018-16840 (1642203: curl: Use-after-free when closing "easy" handle in Curl_close()): A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
  • CVE-2018-16839 (1642201: curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()): Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

Going by the version ranges quoted, the installed 7.53.1 build falls outside the CVE-2018-16840 range (7.59.0 through 7.61.1); the other two issues do cover it.

References

low severity

ALAS-2019-1233

  • Vulnerable module: curl
  • Introduced through: curl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-11.91.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* curl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2019-5436 (1710620: curl: TFTP receive heap buffer overflow in tftp_receive_packet() function): A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
  • CVE-2019-5435 (1710609: curl: Integer overflows in curl_url_set() function): An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

Going by the version ranges quoted, the installed 7.53.1 build predates the URL API (introduced in 7.62.0), so only CVE-2019-5436 applies to it; the fixed release is a rebase to 7.61.1 with the patches applied.

References

low severity

ALAS-2020-1444

  • Vulnerable module: curl
  • Introduced through: curl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-12.95.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* curl@7.53.1-16.84.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1444. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-8231 (1868032: curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set): A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPT_CONNECT_ONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality.

Remediation

Upgrade curl to version 7.61.1-12.95.amzn1 or higher.

References

low severity

ALAS-2018-1129

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.15.1-8.43.amzn1
  • Fixed in: 1.15.1-34.44.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* krb5-libs@1.15.1-8.43.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2018-5730 (1551082: krb5: DN container check bypass by supplying special crafted data): MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
  • CVE-2018-5729 (1551083: krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data): MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

Both issues require an already authenticated kadmin client that holds add-principal rights against an LDAP-backed KDC database; they are not reachable from an unauthenticated network position.

References

low severity

ALAS-2018-1112

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.53.1-16.84.amzn1
  • Fixed in: 7.53.1-16.85.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcurl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2018-14618 (1622707: curl: NTLM password overflow via integer overflow): curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to work out how large a temporary storage area to allocate from the heap. The length value is then used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to be allocated instead of the intended very large one, so that use of the buffer ends in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) The precondition is a 32-bit size_t, so 64-bit builds are not affected by this particular issue.

References

low severity

ALAS-2019-1148

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.53.1-16.84.amzn1
  • Fixed in: 7.53.1-16.86.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcurl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2018-16842 (1644124: curl: Heap-based buffer over-read in the curl tool warning formatting): Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
  • CVE-2018-16840 (1642203: curl: Use-after-free when closing "easy" handle in Curl_close()): A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
  • CVE-2018-16839 (1642201: curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()): Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

Going by the version ranges quoted, the installed 7.53.1 build falls outside the CVE-2018-16840 range (7.59.0 through 7.61.1); the other two issues do cover it.

References

low severity

ALAS-2019-1233

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-11.91.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcurl@7.53.1-16.84.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2019-5436 (1710620: curl: TFTP receive heap buffer overflow in tftp_receive_packet() function): A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
  • CVE-2019-5435 (1710609: curl: Integer overflows in curl_url_set() function): An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

Going by the version ranges quoted, the installed 7.53.1 build predates the URL API (introduced in 7.62.0), so only CVE-2019-5436 applies to it; the fixed release is a rebase to 7.61.1 with the patches applied.

References

low severity

ALAS-2020-1444

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.53.1-16.84.amzn1
  • Fixed in: 7.61.1-12.95.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* libcurl@7.53.1-16.84.amzn1

Overview

Affected versions of this package are vulnerable to ALAS-2020-1444. Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2020-8231 (1868032: curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set): A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPT_CONNECT_ONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality.

Remediation

Upgrade libcurl to version 7.61.1-12.95.amzn1 or higher.

References

low severity

ALAS-2019-1153

  • Vulnerable module: openssl
  • Introduced through: openssl@1:1.0.2k-12.110.amzn1
  • Fixed in: 1:1.0.2k-16.148.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* openssl@1:1.0.2k-12.110.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2018-0734 (1644364: openssl: timing side channel attack in the DSA signature algorithm): The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

References

low severity

ALAS-2020-1344

  • Vulnerable module: openssl
  • Introduced through: openssl@1:1.0.2k-12.110.amzn1
  • Fixed in: 1:1.0.2k-16.151.amzn1

Detailed paths

  • Introduced through: amazonlinux:2018.03.0.20180827@* openssl@1:1.0.2k-12.110.amzn1

Overview

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:

  • CVE-2019-1563 (1752100: openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey): In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

References
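Every entry above reduces to the same question: is the installed epoch:version-release below the "Fixed in" release? Amazon Linux backports fixes, so the upstream ranges quoted in the CVE texts are not the right test; the RPM version comparison is. The block below is an added example, not Amazon's or Snyk's tooling: a Python implementation of rpm's version comparison (the rpmvercmp segment algorithm, with epoch, version and release compared in that order) applied to a table constructed from this page's own findings. The package names and version strings are the page's; the table layout, function names and the one "already patched" control row are mine, and the '^' separator of newer rpm releases is not modelled.

```python
"""Added example, not Amazon's or Snyk's tooling: an RPM version comparison
(rpmvercmp plus epoch/version/release ordering) used to decide whether an
installed package is below the "Fixed in" release an advisory names."""
import re
from typing import List, Tuple

# Segments are runs of digits or runs of letters; everything else separates.
_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does:
    -1 if a < b, 0 if equal, 1 if a > b.  Numeric segments compare as
    integers, alphabetic ones as strings, a numeric segment beats an
    alphabetic one, '~' sorts before anything (even end of string), and when
    everything matched the string with segments left over is newer."""
    if a == b:
        return 0
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    i = 0
    while i < len(ta) or i < len(tb):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x is None or y is None:
            break
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isalpha() and y.isalpha():
            if x != y:
                return 1 if x > y else -1
        else:
            return 1 if x.isdigit() else -1
        i += 1
    if len(ta) == len(tb):
        return 0
    return 1 if len(ta) > len(tb) else -1


def parse_evr(evr: str) -> Tuple[str, str, str]:
    """Split 'epoch:version-release' into its parts; a missing epoch is '0'."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return epoch, version, release


def label_compare(evr_a: str, evr_b: str) -> int:
    """Epoch first, then version, then release, like rpm's labelCompare."""
    for x, y in zip(parse_evr(evr_a), parse_evr(evr_b)):
        result = rpmvercmp(x, y)
        if result:
            return result
    return 0


def is_affected(installed_evr: str, fixed_evr: str) -> bool:
    return label_compare(installed_evr, fixed_evr) < 0


# Constructed from this page's findings: (advisory, package, installed, fixed in).
# The last row is a control with a hypothetical already-patched curl.
FINDINGS: List[Tuple[str, str, str, str]] = [
    ("ALAS-2020-1407", "python27-libs", "2.7.14-1.123.amzn1", "2.7.18-1.138.amzn1"),
    ("ALAS-2018-1112", "curl", "7.53.1-16.84.amzn1", "7.53.1-16.85.amzn1"),
    ("ALAS-2020-1444", "libcurl", "7.53.1-16.84.amzn1", "7.61.1-12.95.amzn1"),
    ("ALAS-2018-1129", "krb5-libs", "1.15.1-8.43.amzn1", "1.15.1-34.44.amzn1"),
    ("ALAS-2020-1344", "openssl", "1:1.0.2k-12.110.amzn1", "1:1.0.2k-16.151.amzn1"),
    ("control", "curl", "7.61.1-12.95.amzn1", "7.53.1-16.85.amzn1"),
]


def open_findings(findings: List[Tuple[str, str, str, str]] = FINDINGS) -> List[str]:
    """Advisory ids whose installed version is still below the fixed one."""
    return [adv for adv, _pkg, installed, fixed in findings if is_affected(installed, fixed)]


if __name__ == "__main__":
    for adv, pkg, installed, fixed in FINDINGS:
        state = "AFFECTED" if is_affected(installed, fixed) else "fixed"
        print(f"{adv:<15} {pkg:<14} {installed:<24} -> {fixed:<24} {state}")
```

On a live Amazon Linux 1 host the installed column comes from `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' <package>` (an epoch of "(none)" maps to 0), and the fixed column from the advisory; the epoch matters, which is why the openssl rows carry the leading "1:".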