Skip to content

Instantly share code, notes, and snippets.

Created January 22, 2011 14:00
Show Gist options
  • Save jetztgradnet/791135 to your computer and use it in GitHub Desktop.
Save jetztgradnet/791135 to your computer and use it in GitHub Desktop.
Readme of Amazon Elastic Beanstalk AMI running Amazon Linux release 2010.11.1 (beta)
Changes in Amazon Linux AMI Beta2 (v 2010.11):
Security Updates:
* glibc package update
CVE-2010-3856: glibc: arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
CVE-2010-3847: glibc: insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
* kernel package updates for
CVE-2010-3081: kernel: 64-bit Compatibility Mode Stack Pointer Underflow
CVE-2010-3301: kernel: IA32 System Call Entry Point Vulnerability
CVE-2010-3904: kernel: RDS sockets local privilege escalation
* java-1.6.0-openjdk package update
CVE-2009-3555: TLS: MITM attacks via session renegotiation
CVE-2010-3541: CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
CVE-2010-3548: OpenJDK DNS server IP address information leak (6957564)
CVE-2010-3549: OpenJDK HttpURLConnection request splitting (6952017)
CVE-2010-3551: OpenJDK local network address disclosure (6952603)
CVE-2010-3553: OpenJDK Swing unsafe reflection usage (6622002)
CVE-2010-3554: CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672)
CVE-2010-3557: OpenJDK Swing mutable static (6938813)
CVE-2010-3562: OpenJDK IndexColorModel double-free (6925710)
CVE-2010-3564: OpenJDK kerberos vulnerability (6958060)
CVE-2010-3565: OpenJDK JPEG writeImage remote code execution (6963023)
CVE-2010-3567: OpenJDK ICU Opentype layout engine crash (6963285)
CVE-2010-3568: OpenJDK Deserialization Race condition (6559775)
CVE-2010-3569: OpenJDK Serialization inconsistencies (6966692)
CVE-2010-3574: OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
* openssl package update
CVE-2010-3864 OpenSSL TLS extension parsing race condition
Image Updates:
* Security updates will be downloaded and installed on instance launch (can be disabled via userdata, see user guide for more details)
* Reduced Image size to 8G
* Changed version numbering scheme
* Updated kernel to allow 64G of memory on c1.xlarge instances
* Added /dev/sd* symlinks to point to /dev/xvd* devices for backward compatibility
* Mount ephemeral0 (when requested) on /media/ephemeral0 by default
Updated Packages:
* amanda updated to version 2.6.1p2-5.5
* aws-apitools-iam updated to version 1.1.0
* bash updated to version 4.1.2-2.6
* classpathx-mail updated to version 1.1.2-9.4.5
* cloud-init updated to version 0.5.14-21
* coreutils updated to version 8.4-7.9
* findutils updated to version 4.4.2-5.7
* gcc44 updated to version 4.4.4-5.18
* ImageMagick updated to version
* initscripts updated to version 8.45.30-2.12
* log4j updated to version 1.2.16-6.4.4
* mkinitrd updated to version
* php updated to version 5.3.3-1.6
* python26 updated to version 2.6.6-1.15
* readline updated to version 5.1-3.11
* rsync updated to version 3.0.6-4.8
* ruby updated to version 1.8.7
* tar updated to version 1.23
* tomcat6 updated to version 6.0.29
* util-linux-ng updated to version 2.17.2
New packages provided:
* cacti: An rrd based graphing tool
* dkim-milter: DomainKeys Identified Mail sender authentication sendmail milter
* fping: Scriptable, parallelized ping-like utility
* freetds: Implementation of the TDS (Tabular DataStream) protocol
* libdmx: X.Org X11 DMX runtime library
* libmcrypt: Encryption algorithms library
* lighttpd: fast webserver with light system requirements
* memcached: High Performance, Distributed Memory Object Cache
* mod_security: Security module for the Apache HTTP Server
* monit: Manages and monitors processes, files, directories and devices
* munin: Network-wide graphing framework (grapher/gatherer)
* nagios: Nagios monitors hosts and services and yells if somethings breaks
* nagios-plugins: Host/service/network monitoring program plugins for Nagios
* nginx: Robust, small and high performance HTTP and reverse proxy server
* nrpe: Host/service/network monitoring agent for Nagios
* perl-Archive-Any: Single interface to deal with file archives
* perl-Array-Diff: Diff two arrays
* perl-Class-C3: Pragma to use the C3 method resolution order algorithm
* perl-Class-C3-XS: XS speedups for Class::C3
* perl-CPAN-DistnameInfo: Extract distribution name and version from a distribution filename
* perl-Data-Section: Read multiple hunks of data out of your DATA section
* perl-DBD-CSV: DBI driver for CSV files
* perl-DBD-XBase: Perl module for reading and writing the dbf files
* perl-File-MMagic: A Perl module emulating the file(1) command
* perl-HTML-Lint: HTML::Lint Perl module
* perl-HTML-Template: Perl module to use HTML Templates
* perl-IO-Capture: Abstract Base Class to build modules to capture output
* perl-IO-Multiplex: IO-Multiplex module for perl
* perl-IPC-SharedCache: Perl module to manage a cache in SysV IPC shared memory
* perl-IPC-ShareLite: Lightweight interface to shared memory
* perl-Log-Dispatch: Dispatches messages to one or more outputs
* perl-Log-Dispatch-FileRotate: Log to files that archive/rotate themselves
* perl-Log-Log4perl: Log4j implementation for Perl
* perl-Mail-Sender: Module for sending mails with attachments through an SMTP server
* perl-Mail-Sendmail: Simple platform independent mailer for Perl
* perl-Module-CPANTS-Analyse: Generate Kwalitee ratings for a distribution
* perl-Module-ExtractUse: Find out what modules are used
* perl-MRO-Compat: Mro::* interface compatibility for Perls < 5.9.5
* perl-Net-Server: Extensible, general Perl server engine
* perl-Net-SNMP: Object oriented interface to SNMP
* perl-Parse-RecDescent: Parse-RecDescent Perl module
* perl-Perl-Critic: Critique Perl source code for best-practices
* perl-Pod-Strip: Remove POD from Perl code
* perl-RRD-Simple: Simple interface to create and store data in RRD files
* perl-Software-License: Package that provides templated software licenses
* perl-SQL-Statement: SQL parsing and processing engine
* perl-Sub-Name: Name -- or rename -- a sub
* perl-Test-Kwalitee: Test the Kwalitee of a distribution before you release it
* perl-Test-Perl-Critic: Use Perl::Critic in test programs
* perl-Test-YAML-Meta: Validation of the META.yml file in a distribution
* perl-Test-YAML-Valid: Lets you test the validity of YAML files in unit tests
* perl-Text-CSV_XS: Comma-separated values manipulation routines
* perl-Text-Template: Expand template text with embedded Perl
* perl-UNIVERSAL-require: Require() modules from a variable
* perl-YAML-LibYAML: YAML::LibYAML Perl module
* python-epdb : an extended Python debugger
* radiusclient-ng: RADIUS protocol client library
* rrdtool: Round Robin Database Tool to store and display time-series data
* rsyslog: Enhanced system logging and kernel message trapping daemons
* rubygems: The Ruby standard for packaging ruby libraries
* t1lib: PostScript Type 1 font rasterizer
* tomcat-native: Tomcat native library
* xorg-x11-apps: X.Org X11 applications
* xorg-x11-utils: X.Org X11 X client utilities
* xorg-x11-xbitmaps: X.Org X11 application bitmaps
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment