AWS Security Advisories — July 2020 — AWS Security Advisories

ALAS-2020-1402

ALAS · AL1Medium2020-07-29

ALAS-2020-1402: mysql56 (medium)

CVEs:CVE-2020-2763 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814

Affected products

Product	Status	Vendor	Package	Ecosystem
mysql56	affected	Amazon	mysql56	—

Upstream advisory

ALAS-2020-1403

ALAS · AL1Medium2020-07-29

ALAS-2020-1403: mysql57 (medium)

CVEs:CVE-2020-2760 CVE-2020-2763 CVE-2020-2765 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814

Affected products

Product	Status	Vendor	Package	Ecosystem
mysql57	affected	Amazon	mysql57	—

Upstream advisory

ALAS-2020-1404

ALAS · AL1Important2020-07-29

ALAS-2020-1404: nghttp2 (important)

CVEs:CVE-2020-11080

Affected products

Product	Status	Vendor	Package	Ecosystem
nghttp2	affected	Amazon	nghttp2	—

Upstream advisory

ALAS-2020-1406

ALAS · AL1Medium2020-07-29

ALAS-2020-1406: python26 (medium)

CVEs:CVE-2020-8492

Affected products

Product	Status	Vendor	Package	Ecosystem
python26	affected	Amazon	python26	—

Upstream advisory

ALAS-2020-1407

ALAS · AL1Medium2020-07-29

ALAS-2020-1407: python27, python34, python35, python36 (medium)

CVEs:CVE-2019-18348 CVE-2020-8492

Affected products

Product	Status	Vendor	Package	Ecosystem
python27, python34, python35, python36	affected	Amazon	python27, python34, python35, python36	—

Upstream advisory

ALAS-2020-1408

ALAS · AL1Important2020-07-29

ALAS-2020-1408: qemu-kvm (important)

CVEs:CVE-2019-9824 CVE-2020-7039 CVE-2020-8608

Affected products

Product	Status	Vendor	Package	Ecosystem
qemu-kvm	affected	Amazon	qemu-kvm	—

Upstream advisory

ALAS-2020-1409

ALAS · AL1Important2020-07-29

ALAS-2020-1409: tomcat8 (important)

CVEs:CVE-2020-13934 CVE-2020-13935

Affected products

Product	Status	Vendor	Package	Ecosystem
tomcat8	affected	Amazon	tomcat8	—

Upstream advisory

ALAS-2020-1410

ALAS · AL1Medium2020-07-29

ALAS-2020-1410: openvpn (medium)

CVEs:CVE-2020-11810

Affected products

Product	Status	Vendor	Package	Ecosystem
openvpn	affected	Amazon	openvpn	—

Upstream advisory

ALAS-2020-1411

ALAS · AL1Medium2020-07-29

ALAS-2020-1411: curl (medium)

CVEs:CVE-2020-8177

Affected products

Product	Status	Vendor	Package	Ecosystem
curl	affected	Amazon	curl	—

Upstream advisory

ALAS-2020-1412

ALAS · AL1Low2020-07-29

ALAS-2020-1412: doxygen (low)

CVEs:CVE-2016-10245

Affected products

Product	Status	Vendor	Package	Ecosystem
doxygen	affected	Amazon	doxygen	—

Upstream advisory

ALAS-2020-1413

ALAS · AL1Important2020-07-29

ALAS-2020-1413: git (important)

CVEs:CVE-2020-11008 CVE-2020-5260

Affected products

Product	Status	Vendor	Package	Ecosystem
git	affected	Amazon	git	—

Upstream advisory

ALAS-2020-1392

ALAS · AL1Medium2020-07-16

ALAS-2020-1392: cairo (medium)

CVEs:CVE-2016-3190

Affected products

Product	Status	Vendor	Package	Ecosystem
cairo	affected	Amazon	cairo	—

Upstream advisory

ALAS-2020-1393

ALAS · AL1Medium2020-07-16

ALAS-2020-1393: libexif (medium)

CVEs:CVE-2020-13112

Affected products

Product	Status	Vendor	Package	Ecosystem
libexif	affected	Amazon	libexif	—

Upstream advisory

ALAS-2020-1394

ALAS · AL1Medium2020-07-16

ALAS-2020-1394: librabbitmq (medium)

CVEs:CVE-2019-18609

Affected products

Product	Status	Vendor	Package	Ecosystem
librabbitmq	affected	Amazon	librabbitmq	—

Upstream advisory

ALAS-2020-1395

ALAS · AL1Medium2020-07-16

ALAS-2020-1395: mailman (medium)

CVEs:CVE-2018-0618 CVE-2018-13796

Affected products

Product	Status	Vendor	Package	Ecosystem
mailman	affected	Amazon	mailman	—

Upstream advisory

ALAS-2020-1396

ALAS · AL1Medium2020-07-16

ALAS-2020-1396: microcode_ctl (medium)

CVEs:CVE-2020-0543 CVE-2020-0548 CVE-2020-0549

Affected products

Product	Status	Vendor	Package	Ecosystem
microcode_ctl	affected	Amazon	microcode_ctl	—

Upstream advisory

ALAS-2020-1397

ALAS · AL1Medium2020-07-16

ALAS-2020-1397: php72, php73 (medium)

CVEs:CVE-2019-11048

Affected products

Product	Status	Vendor	Package	Ecosystem
php72, php73	affected	Amazon	php72, php73	—

Upstream advisory

ALAS-2020-1398

ALAS · AL1Medium2020-07-16

ALAS-2020-1398: poppler (medium)

CVEs:CVE-2018-21009 CVE-2019-10871 CVE-2019-11459 CVE-2019-12293 CVE-2019-9959

Affected products

Product	Status	Vendor	Package	Ecosystem
poppler	affected	Amazon	poppler	—

Upstream advisory

ALAS-2020-1399

ALAS · AL1Medium2020-07-16

ALAS-2020-1399: transmission (medium)

CVEs:CVE-2018-10756

Affected products

Product	Status	Vendor	Package	Ecosystem
transmission	affected	Amazon	transmission	—

Upstream advisory

ALAS-2020-1400

ALAS · AL1Important2020-07-16

ALAS-2020-1400: qemu-kvm (important)

CVEs:CVE-2019-9824 CVE-2020-7039 CVE-2020-8608

Affected products

Product	Status	Vendor	Package	Ecosystem
qemu-kvm	affected	Amazon	qemu-kvm	—

Upstream advisory

ALAS-2020-1401

ALAS · AL1Important2020-07-16

ALAS-2020-1401: kernel (important)

CVEs:CVE-2018-20669 CVE-2019-19462 CVE-2020-0543 CVE-2020-10732 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-12771

Affected products

Product	Status	Vendor	Package	Ecosystem
kernel	affected	Amazon	kernel	—

Upstream advisory

AWS-2020-002v2

AWS Bulletin2020-07-10

Container Networking Security Issue (CVE-2020-8558)

CVEs:CVE-2020-8558

Upstream advisory

Advisories

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Need live exploit intelligence?