Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3010 (ALAS-2025-3010)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3050.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3010 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...

Amazon Linux 2 : GraphicsMagick, --advisory ALAS2GRAPHICSMAGICK1.3-2025-004 (ALASGRAPHICSMAGICK1.3-2025-004)

The version of GraphicsMagick installed on the remote host is prior to 1.3.45-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GRAPHICSMAGICK1.3-2025-004 advisory. ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits...

Amazon Linux 2 : LibRaw, --advisory ALAS2-2025-3016 (ALAS-2025-3016)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3016 advisory. There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitra...

Medium: openjpeg2

Issue Overview: openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core a...

Medium: LibRaw

Issue Overview: There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. CVE-2021-3624 Affected Packages: LibRaw Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSETMAX CVE-2022-48827 In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix iasize underflow CVE-2022-48828 In the Linux kernel, the following...

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: microcode_ctl

Issue Overview: Improper buffer restrictions for some IntelR XeonR Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 Missing reference to active allocated resource for some IntelR XeonR processors may all...

Medium: gstreamer1-plugins-base

Issue Overview: In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash. CVE-2025-47806 In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer whil...

Amazon Linux 2 : giflib, --advisory ALAS2-2025-2998 (ALAS-2025-2998)

The version of giflib installed on the remote host is prior to 4.1.6-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2998 advisory. A memory leak out-of-memory in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception ...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3000 (ALAS-2025-3000)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3000 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version...

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-3003 (ALAS-2025-3003)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3003 advisory. GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbg...

Important: kernel-livepatch-5.10.238-234.956

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.238-234.956 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-5.10.239-236.958

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: microcode_ctl

Issue Overview: A potential security vulnerability in some Intelr Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-109 (ALASKERNEL-5.4-2025-109)

The version of kernel installed on the remote host is prior to 5.4.298-218.429. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-109 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check...

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3001 (ALAS-2025-3001)

The version of kernel installed on the remote host is prior to 4.14.355-280.684. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3001 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix -anonvma race CVE-2023-5293...

Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-014 (ALASREDIS6-2025-014)

The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-014 advisory. TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-089 (ALASKERNEL-5.15-2025-089)

The version of kernel installed on the remote host is prior to 5.15.191-132.213. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-089 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check...

Amazon Linux 2 : microcode_ctl, --advisory ALAS2-2025-2993 (ALAS-2025-2993)

The version of microcodectl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2993 advisory. Improper buffer restrictions for some IntelR XeonR Processor firmware with SGX enabled may allow a privileged user to...