Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Important: runc

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: containerd

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Medium: amazon-cloudwatch-agent

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

Important: amazon-ecr-credential-helper

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Medium: ghostscript

Issue Overview: gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2...

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

Important: perl-File-Find-Rule

Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...

Important: amazon-ssm-agent

Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

Medium: perl-FCGI

Issue Overview: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in...

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

Important: kernel-livepatch-4.14.355-277.643

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references CVE-2025-21811 Affected Packages: kernel-livepatch-4.14.355-277.643 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-4.14.355-277.647

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references CVE-2025-21811 Affected Packages: kernel-livepatch-4.14.355-277.647 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-4.14.355-275.603

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references CVE-2025-21811 Affected Packages: kernel-livepatch-4.14.355-275.603 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Medium: ecs-init

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

Important: containerd

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: ppp

Issue Overview: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Affected Packages: ppp Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...