clair/ext/vulnsrc/amzn/testdata/amazon_linux_1_updateinfo.xml


<?xml version="1.0" ?>
<!-- Sample updateinfo document holding two Amazon Linux security advisories
     (ALAS-2011-1 and ALAS-2011-2). The declaration names no encoding, so a
     conforming parser treats the bytes as UTF-8 unless a BOM says otherwise.
     The document carries no DOCTYPE and declares no entities; a consumer of
     this format can therefore reject any input that does contain a DOCTYPE. -->
<updates>
<!-- Advisory 1: one CVE, fixed by a set of httpd builds. -->
<update author="linux-security@amazon.com" from="linux-security@amazon.com" status="final" type="security" version="1.4">
<id>ALAS-2011-1</id>
<title>Amazon Linux AMI 2011.09 - ALAS-2011-1: medium priority package update for httpd</title>
<!-- The date attributes have minute precision and no timezone designator.
     NOTE(review): confirm which zone the consumer assumes when parsing them. -->
<issued date="2011-09-27 22:46" />
<updated date="2014-09-14 14:25" />
<!-- Severity is a vendor word ("medium" here, "important" in the next advisory),
     not a numeric score; presumably the consumer maps it to its own scale. -->
<severity>medium</severity>
<description>
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2011-3192:
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header.
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
</description>
<!-- References are typed: type="cve" entries carry the CVE identifier in the id
     attribute, type="redhat" entries point at the corresponding RHSA erratum.
     The title attributes are empty strings. The href values are feed data and
     are best handled as untrusted text rather than as URLs to fetch. -->
<references>
<reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192" id="CVE-2011-3192" title="" type="cve" />
<reference href="https://rhn.redhat.com/errata/RHSA-2011:1245.html" id="RHSA-2011:1245" title="" type="redhat" />
</references>
<!-- Fixed builds, one package element per name and architecture. Each build is
     identified by name, epoch, version, release and arch. Most packages here
     have epoch 0, but both mod_ssl entries have epoch 1, so a comparison with
     an installed package has to include the epoch and not only
     version and release. -->
<pkglist>
<collection short="amazon-linux-ami">
<name>Amazon Linux AMI</name>
<package arch="i686" epoch="0" name="httpd-devel" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-devel-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="httpd-debuginfo" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-debuginfo-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="httpd" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="httpd-tools" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-tools-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="1" name="mod_ssl" release="1.18.amzn1" version="2.2.21">
<filename>Packages/mod_ssl-2.2.21-1.18.amzn1.i686.rpm</filename>
</package>
<package arch="x86_64" epoch="1" name="mod_ssl" release="1.18.amzn1" version="2.2.21">
<filename>Packages/mod_ssl-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd-tools" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-tools-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd-devel" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-devel-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="httpd-debuginfo" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-debuginfo-2.2.21-1.18.amzn1.x86_64.rpm</filename>
</package>
<package arch="noarch" epoch="0" name="httpd-manual" release="1.18.amzn1" version="2.2.21">
<filename>Packages/httpd-manual-2.2.21-1.18.amzn1.noarch.rpm</filename>
</package>
</collection>
</pkglist>
</update>
<!-- Advisory 2: one CVE, fixed by a set of cyrus-imapd builds. It uses a
     different collection (short="amazon-linux", name "Amazon Linux") from the
     first advisory, so the collection name is not constant across entries. -->
<update author="linux-security@amazon.com" from="linux-security@amazon.com" status="final" type="security" version="1.4">
<id>ALAS-2011-2</id>
<title>Amazon Linux - ALAS-2011-2: important priority package update for cyrus-imapd</title>
<issued date="2011-10-10 22:29" />
<updated date="2014-09-14 14:25" />
<severity>important</severity>
<!-- The description gives the upstream affected range as "before 2.3.17", while
     the fixed builds listed below are version 2.3.16, release 6.4.amzn1;
     presumably the fix was backported. Matching therefore has to use the
     package version and release from pkglist, not the upstream version numbers
     quoted in this text. -->
<description>
Package updates are available for Amazon Linux that fix the following vulnerabilities:
CVE-2011-3208:
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.
</description>
<references>
<reference href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3208" id="CVE-2011-3208" title="" type="cve" />
<reference href="https://rhn.redhat.com/errata/RHSA-2011:1317.html" id="RHSA-2011:1317" title="" type="redhat" />
</references>
<!-- Fixed builds for i686 and x86_64; every package in this advisory has epoch 0. -->
<pkglist>
<collection short="amazon-linux">
<name>Amazon Linux</name>
<package arch="i686" epoch="0" name="cyrus-imapd-debuginfo" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-debuginfo-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="cyrus-imapd-utils" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-utils-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="cyrus-imapd-devel" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-devel-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="i686" epoch="0" name="cyrus-imapd" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-2.3.16-6.4.amzn1.i686.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd-debuginfo" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-debuginfo-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd-devel" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-devel-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
<package arch="x86_64" epoch="0" name="cyrus-imapd-utils" release="6.4.amzn1" version="2.3.16">
<filename>Packages/cyrus-imapd-utils-2.3.16-6.4.amzn1.x86_64.rpm</filename>
</package>
</collection>
</pkglist>
</update>
</updates>