arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0e5c4b6445
clair/ext/vulnsrc/amzn/testdata/amazon_linux_1_updateinfo.xml
Eric Sim 8fb9097dbd Add updaters for Amazon Linux 2018.03 and Amazon Linux 2 
We get vulnerabilities from ALAS (Amazon Linux Security Advisories) data, which can be found in updateinfo.xml from the repos.
2019-04-11 13:26:13 -07:00

104 lines
7.3 KiB
XML
Raw Blame History

<?xml version="1.0" ?>
<updates>
<update author="linux-security@amazon.com" from="linux-security@amazon.com" status="final" type="security" version="1.4">
<id>ALAS-2011-1</id>
<title>Amazon Linux AMI 2011.09 - ALAS-2011-1: medium priority package update for httpd</title>
<issued date="2011-09-27 22:46" />
<updated date="2014-09-14 14:25" />
<severity>medium</severity>
<description>
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2011-3192:
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header.
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
</description>
<references>
<reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192" id="CVE-2011-3192" title="" type="cve" />
<reference href="https://rhn.redhat.com/errata/RHSA-2011:1245.html" id="RHSA-2011:1245" title="" type="redhat" />
</references>
<pkglist>
<collection short="amazon-linux-ami">
<name>Amazon Linux AMI</name>
<package arch="i686" epoch="0" name="httpd-devel" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-devel-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="httpd-debuginfo" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-debuginfo-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="httpd" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="httpd-tools" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-tools-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="1" name="mod_ssl" release="1.18.amzn1" version="2.2.21">
<filename>Packages/mod_ssl-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="x86_64" epoch="1" name="mod_ssl" release="1.18.amzn1" version="2.2.21">
<filename>Packages/mod_ssl-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd-tools" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-tools-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd-devel" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-devel-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd-debuginfo" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-debuginfo-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="noarch" epoch="0" name="httpd-manual" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-manual-2.2.21-1.18.amzn1.noarch.rpm</filename>
</package>
</collection>
</pkglist>
</update>
<update author="linux-security@amazon.com" from="linux-security@amazon.com" status="final" type="security" version="1.4">
<id>ALAS-2011-2</id>
<title>Amazon Linux - ALAS-2011-2: important priority package update for cyrus-imapd</title>
<issued date="2011-10-10 22:29" />
<updated date="2014-09-14 14:25" />
<severity>important</severity>
<description>
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2011-3208:
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.
</description>
<references>
<reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3208" id="CVE-2011-3208" title="" type="cve" />
<reference href="https://rhn.redhat.com/errata/RHSA-2011:1317.html" id="RHSA-2011:1317" title="" type="redhat" />
</references>
<pkglist>
<collection short="amazon-linux">
<name>Amazon Linux</name>
<package arch="i686" epoch="0" name="cyrus-imapd-debuginfo" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-debuginfo-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="cyrus-imapd-utils" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-utils-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="cyrus-imapd-devel" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-devel-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="cyrus-imapd" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd-debuginfo" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-debuginfo-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd-devel" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-devel-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd-utils" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-utils-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
</collection>
</pkglist>
</update>
</updates>
Reference in New Issue View Git Blame Copy Permalink