AWS Security Advisories — August 2017 — AWS Security Advisories

ALAS-2017-889

ALAS · AL1Medium2017-08-31

ALAS-2017-889: curl (medium)

CVEs:CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101

Affected products

Product	Status	Vendor	Package	Ecosystem
curl	affected	Amazon	curl	—

Upstream advisory

ALAS-2017-888

ALAS · AL1Medium2017-08-31

ALAS-2017-888: mysql56 (medium)

CVEs:CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3641 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653

Affected products

Product	Status	Vendor	Package	Ecosystem
mysql56	affected	Amazon	mysql56	—

Upstream advisory

ALAS-2017-887

ALAS · AL1Medium2017-08-31

ALAS-2017-887: mysql55 (medium)

CVEs:CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653

Affected products

Product	Status	Vendor	Package	Ecosystem
mysql55	affected	Amazon	mysql55	—

Upstream advisory

ALAS-2017-886

ALAS · AL1Important2017-08-31

ALAS-2017-886: aws-cfn-bootstrap (important)

CVEs:CVE-2017-9450

Affected products

Product	Status	Vendor	Package	Ecosystem
aws-cfn-bootstrap	affected	Amazon	aws-cfn-bootstrap	—

Upstream advisory

ALAS-2017-885

ALAS · AL1Medium2017-08-31

ALAS-2017-885: postgresql94, postgresql95 (medium)

CVEs:CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Affected products

Product	Status	Vendor	Package	Ecosystem
postgresql94, postgresql95	affected	Amazon	postgresql94, postgresql95	—

Upstream advisory

ALAS-2017-884

ALAS · AL1Medium2017-08-31

ALAS-2017-884: postgresql93, postgresql92 (medium)

CVEs:CVE-2017-7546 CVE-2017-7547

Affected products

Product	Status	Vendor	Package	Ecosystem
postgresql93, postgresql92	affected	Amazon	postgresql93, postgresql92	—

Upstream advisory

ALAS-2017-883

ALAS · AL1Important2017-08-31

ALAS-2017-883: subversion, mod_dav_svn (important)

CVEs:CVE-2017-9800

Affected products

Product	Status	Vendor	Package	Ecosystem
subversion, mod_dav_svn	affected	Amazon	subversion, mod_dav_svn	—

Upstream advisory

ALAS-2017-882

ALAS · AL1Important2017-08-31

ALAS-2017-882: git (important)

CVEs:CVE-2017-1000117

Affected products

Product	Status	Vendor	Package	Ecosystem
git	affected	Amazon	git	—

Upstream advisory

ALAS-2017-881

ALAS · AL1Low2017-08-31

ALAS-2017-881: wget (low)

CVEs:CVE-2017-6508

Affected products

Product	Status	Vendor	Package	Ecosystem
wget	affected	Amazon	wget	—

Upstream advisory

ALAS-2017-880

ALAS · AL1Medium2017-08-31

ALAS-2017-880: ruby23 (medium)

CVEs:CVE-2016-7798

Affected products

Product	Status	Vendor	Package	Ecosystem
ruby23	affected	Amazon	ruby23	—

Upstream advisory

ALAS-2017-879

ALAS · AL1Medium2017-08-31

ALAS-2017-879: tigervnc (medium)

CVEs:CVE-2016-10207 CVE-2017-5581 CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396

Affected products

Product	Status	Vendor	Package	Ecosystem
tigervnc	affected	Amazon	tigervnc	—

Upstream advisory

ALAS-2017-878

ALAS · AL1Medium2017-08-31

ALAS-2017-878: bash (medium)

CVEs:CVE-2016-0634 CVE-2016-7543 CVE-2016-9401

Affected products

Product	Status	Vendor	Package	Ecosystem
bash	affected	Amazon	bash	—

Upstream advisory

ALAS-2017-877

ALAS · AL1Medium2017-08-31

ALAS-2017-877: glibc (medium)

CVEs:CVE-2014-9761 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779

Affected products

Product	Status	Vendor	Package	Ecosystem
glibc	affected	Amazon	glibc	—

Upstream advisory

ALAS-2017-876

ALAS · AL1Medium2017-08-30

ALAS-2017-876: libnl3 (medium)

CVEs:CVE-2017-0553

Affected products

Product	Status	Vendor	Package	Ecosystem
libnl3	affected	Amazon	libnl3	—

Upstream advisory

ALAS-2017-875

ALAS · AL1Medium2017-08-30

ALAS-2017-875: authconfig (medium)

CVEs:CVE-2017-7488

Affected products

Product	Status	Vendor	Package	Ecosystem
authconfig	affected	Amazon	authconfig	—

Upstream advisory

ALAS-2017-874

ALAS · AL1Important2017-08-17

ALAS-2017-874: cacti (important)

CVEs:CVE-2017-10970 CVE-2017-12065 CVE-2017-12066

Affected products

Product	Status	Vendor	Package	Ecosystem
cacti	affected	Amazon	cacti	—

Upstream advisory

ALAS-2017-873

ALAS · AL1Important2017-08-17

ALAS-2017-873: tomcat7 (important)

CVEs:CVE-2017-5648 CVE-2017-5664 CVE-2017-7674

Affected products

Product	Status	Vendor	Package	Ecosystem
tomcat7	affected	Amazon	tomcat7	—

Upstream advisory

ALAS-2017-872

ALAS · AL1Important2017-08-17

ALAS-2017-872: graphite2 (important)

CVEs:CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Affected products

Product	Status	Vendor	Package	Ecosystem
graphite2	affected	Amazon	graphite2	—

Upstream advisory

ALAS-2017-871

ALAS · AL1Medium2017-08-17

ALAS-2017-871: php56 (medium)

CVEs:CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229

Affected products

Product	Status	Vendor	Package	Ecosystem
php56	affected	Amazon	php56	—

Upstream advisory

ALAS-2017-870

ALAS · AL1Important2017-08-17

ALAS-2017-870: kernel (important)

CVEs:CVE-2017-11473 CVE-2017-7533 CVE-2017-7542 CVE-2017-8831

Affected products

Product	Status	Vendor	Package	Ecosystem
kernel	affected	Amazon	kernel	—

Upstream advisory

ALAS-2017-869

ALAS · AL1Critical2017-08-15

ALAS-2017-869: java-1.7.0-openjdk (critical)

CVEs:CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10115 CVE-2017-10116 CVE-2017-10135 CVE-2017-10243

Affected products

Product	Status	Vendor	Package	Ecosystem
java-1.7.0-openjdk	affected	Amazon	java-1.7.0-openjdk	—

Upstream advisory

ALAS-2017-868

ALAS · AL1Critical2017-08-10

ALAS-2017-868: kernel (critical)

CVEs:CVE-2017-1000111 CVE-2017-1000112 CVE-2017-11176

Affected products

Product	Status	Vendor	Package	Ecosystem
kernel	affected	Amazon	kernel	—

Upstream advisory

ALAS-2017-867

ALAS · AL1Medium2017-08-03

ALAS-2017-867: php70 (medium)

CVEs:CVE-2017-7890 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229

Affected products

Product	Status	Vendor	Package	Ecosystem
php70	affected	Amazon	php70	—

Upstream advisory

ALAS-2017-866

ALAS · AL1Important2017-08-03

ALAS-2017-866: aws-cfn-bootstrap (important)

Affected products

Product	Status	Vendor	Package	Ecosystem
aws-cfn-bootstrap	affected	Amazon	aws-cfn-bootstrap	—

Upstream advisory

ALAS-2017-865

ALAS · AL1Important2017-08-03

ALAS-2017-865: freeradius (important)

CVEs:CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983

Affected products

Product	Status	Vendor	Package	Ecosystem
freeradius	affected	Amazon	freeradius	—

Upstream advisory

ALAS-2017-864

ALAS · AL1Medium2017-08-03

ALAS-2017-864: libtommath, libtomcrypt (medium)

CVEs:CVE-2016-6129

Affected products

Product	Status	Vendor	Package	Ecosystem
libtommath, libtomcrypt	affected	Amazon	libtommath, libtomcrypt	—

Upstream advisory

ALAS-2017-863

ALAS · AL1Medium2017-08-03

ALAS-2017-863: httpd24 (medium)

CVEs:CVE-2016-8743 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

Affected products

Product	Status	Vendor	Package	Ecosystem
httpd24	affected	Amazon	httpd24	—

Upstream advisory

ALAS-2017-862

ALAS · AL1Important2017-08-03

ALAS-2017-862: tomcat8 (important)

CVEs:CVE-2017-5664 CVE-2017-7674

Affected products

Product	Status	Vendor	Package	Ecosystem
tomcat8	affected	Amazon	tomcat8	—

Upstream advisory

Advisories

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Need live exploit intelligence?