Amazon Linux AMI 2011.09 - ALAS-2011-1: medium priority package update for httpd

ALAS-2011-1 Amazon Linux AMI 2011.09 - ALAS-2011-1: medium priority package update for httpd medium Package updates are available for Amazon Linux AMI that fix the following vulnerabilities: CVE-2011-3192: A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Amazon Linux AMI Packages/httpd-devel-2.2.21-1.18.amzn1.i686.rpm Packages/httpd-debuginfo-2.2.21-1.18.amzn1.i686.rpm Packages/httpd-2.2.21-1.18.amzn1.i686.rpm Packages/httpd-tools-2.2.21-1.18.amzn1.i686.rpm Packages/mod_ssl-2.2.21-1.18.amzn1.i686.rpm Packages/mod_ssl-2.2.21-1.18.amzn1.x86_64.rpm Packages/httpd-tools-2.2.21-1.18.amzn1.x86_64.rpm Packages/httpd-2.2.21-1.18.amzn1.x86_64.rpm Packages/httpd-devel-2.2.21-1.18.amzn1.x86_64.rpm Packages/httpd-debuginfo-2.2.21-1.18.amzn1.x86_64.rpm Packages/httpd-manual-2.2.21-1.18.amzn1.noarch.rpm ALAS-2011-2 Amazon Linux - ALAS-2011-2: important priority package update for cyrus-imapd important Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2011-3208: Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user. Amazon Linux Packages/cyrus-imapd-debuginfo-2.3.16-6.4.amzn1.i686.rpm Packages/cyrus-imapd-utils-2.3.16-6.4.amzn1.i686.rpm Packages/cyrus-imapd-devel-2.3.16-6.4.amzn1.i686.rpm Packages/cyrus-imapd-2.3.16-6.4.amzn1.i686.rpm Packages/cyrus-imapd-debuginfo-2.3.16-6.4.amzn1.x86_64.rpm Packages/cyrus-imapd-devel-2.3.16-6.4.amzn1.x86_64.rpm Packages/cyrus-imapd-2.3.16-6.4.amzn1.x86_64.rpm Packages/cyrus-imapd-utils-2.3.16-6.4.amzn1.x86_64.rpm