Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-110 (ALASKERNEL-5.10-2025-110)

The version of kernel installed on the remote host is prior to 5.10.245-241.978. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2025-110 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-114 (ALASKERNEL-5.4-2025-114)

The version of kernel installed on the remote host is prior to 5.4.301-221.445. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-114 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of...

Low: lz4

Issue Overview: No CVE associated with this advisory Affected Packages: lz4 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update lz4 or yum update --advisory...

Low: curl

Issue Overview: Out of bounds read for cookie path NOTE: https://curl.se/docs/CVE-2025-9086.html NOTE: Introduced with: https://github.com/curl/curl/commit/f24dc09d209a2f91ca38d854f0c15ad93f3d7e2d curl-7310 NOTE: Fixed by: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd377113...

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-072 (ALASNITRO-ENCLAVES-2025-072)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-072 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2025-078 (ALASDOCKER-2025-078)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-078 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Low: unbound

Issue Overview: No CVE associated with this advisory Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update unbound or yum update...

Important: bind

Issue Overview: Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1...

Amazon Linux 2 : unbound, --advisory ALAS2-2025-3055 (ALAS-2025-3055)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3055 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43272 A correctness issue was address...

Amazon Linux 2 : bind, --advisory ALAS2-2025-3054 (ALAS-2025-3054)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3054 advisory. Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This...

Low: runc

Issue Overview: No CVE associated with this advisory Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

Low: runc

Issue Overview: No CVE associated with this advisory Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-044 (ALASFIREFOX-2025-044)

The version of firefox installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-044 advisory. Use-after-free in MediaTrackGraphImpl::GetInstance This vulnerability affects Firefox 144, Firefox ESR 140.4,...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3052 (ALAS-2025-3052)

The version of thunderbird installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3052 advisory. There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the...

Amazon Linux 2 : squid, --advisory ALAS2-2025-3045 (ALAS-2025-3045)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3045 advisory. Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error...

Amazon Linux 2 : qemu, --advisory ALAS2-2025-3044 (ALAS-2025-3044)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3044 advisory. A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2025-076 (ALASECS-2025-076)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-076 advisory. Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container...

Amazon Linux 2 : python3, --advisory ALAS2-2025-3041 (ALAS-2025-3041)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3041 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not...

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3053 (ALAS-2025-3053)

The version of kernel installed on the remote host is prior to 4.14.355-280.706. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3053 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in...