9348 matches found

Tenable Nessus
added 2025/11/11 12:0 a.m. | 4 views

Amazon Linux 2 : tigervnc, --advisory ALAS2-2025-3065 (ALAS-2025-3065)

The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3065 advisory. A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error...

CVSS 7.3 | AI score 6 | EPSS 0.0045 | Exploits 0 | References 8

Tenable Nessus
added 2025/11/11 12:0 a.m. | 1 view

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2025-074 (ALASNITRO-ENCLAVES-2025-074)

The version of containerd installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-074 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other tha...

CVSS 7.5 | AI score 7.3 | EPSS 0.00626 | Exploits 0 | References 22

Tenable Nessus
added 2025/11/11 12:0 a.m. | 4 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2025-084 (ALASDOCKER-2025-084)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-084 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

CVSS 7.5 | AI score 7.3 | EPSS 0.00626 | Exploits 0 | References 22

Tenable Nessus
added 2025/11/11 12:0 a.m. | 4 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1271)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1271 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

CVSS 7.5 | AI score 7.3 | EPSS 0.00626 | Exploits 0 | References 20

Tenable Nessus
added 2025/11/11 12:0 a.m. | 5 views

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3075 (ALAS-2025-3075)

The version of kernel installed on the remote host is prior to 4.14.355-280.708. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3075 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr...

CVSS 7.8 | AI score 6.7 | EPSS 0.00197 | Exploits 0 | References 6

Amazon
added 2025/11/10 12:0 a.m. | 2 views

Medium: libssh

Issue Overview: NULL Pointer Dereference vulnerability in the session ID calculation logic of the libssh library. The flaw arises from improper handling of allocation errors during cryptographic operations in the key exchange KEX phase. If a memory allocation fails, the resulting NULL pointer may...

CVSS 4.7 | AI score 6.4 | EPSS 0.00375 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 2 views

Important: kernel-livepatch-6.12.48-67.114

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-39955 Affected Packages: kernel-livepatch-6.12.48-67.114 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 7.8 | AI score 7.8 | EPSS 0.00141 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 4 views

Important: gimp

Issue Overview: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 | AI score 7.7 | EPSS 0.00452 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 9 views

Medium: fontforge

Issue Overview: FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8. CVE-2025-50949 Affected Packages: fontforge Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

CVSS 6.5 | AI score 7.4 | EPSS 0.00239 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr CVE-2022-50516 In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory CVE-2023-53626 Affected...

CVSS 7.8 | AI score 6.5 | EPSS 0.00197 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr CVE-2022-50516 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 AL2...

CVSS 5.5 | AI score 6.6 | EPSS 0.00152 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 5 views

Important: amazon-efs-utils

Issue Overview: regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those tunable mitigations already provide sane...

CVSS 7.5 | AI score 8.9 | EPSS 0.1446 | Exploits 1

Amazon
added 2025/11/10 12:0 a.m. | 3 views

Important: kernel-livepatch-6.1.153-175.280

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-39955 Affected Packages: kernel-livepatch-6.1.153-175.280 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 7.8 | AI score 7.8 | EPSS 0.00141 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 14 views

Medium: python-ldap

Issue Overview: python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this...

CVSS 6.9 | AI score 6.8 | EPSS 0.00418 | Exploits 1

Amazon
added 2025/11/10 12:0 a.m. | 8 views

Important: xmlunit

Issue Overview: XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XSLT extension functions are enabled. CVE-2024-31573 Affected Packages: xmlunit Issue Correction: Run dnf update xmlunit...

CVSS 4 | AI score 7.6 | EPSS 0.00216 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 3 views

Medium: tomcat

Issue Overview: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage...

CVSS 5.3 | AI score 6.9 | EPSS 0.01139 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 3 views

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43272 A correctness issue was address...

CVSS 9.8 | AI score 6 | EPSS 0.00952 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 6 views

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

CVSS 7.5 | AI score 8.8 | EPSS 0.00626 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 3 views

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

CVSS 7.5 | AI score 8.8 | EPSS 0.00626 | Exploits 0

Amazon
added 2025/11/10 12:0 a.m. | 9 views

Important: runfinch-finch

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

CVSS 7.5 | AI score 8.8 | EPSS 0.00626 | Exploits 0