9394 matches found
Low: lz4
Issue Overview: No CVE associated with this advisory Affected Packages: lz4 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update lz4 or yum update --advisory...
Low: lz4
Issue Overview: No CVE associated with this advisory Affected Packages: lz4 Issue Correction: Run dnf update lz4 --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1266 --releasever 2023.9.20251110 to update your system. More information on how to update your system can be found ...
Important: webkitgtk4
Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43272 A correctness issue was address...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr CVE-2022-50516 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 AL2...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr CVE-2022-50516 In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory CVE-2023-53626 Affected...
Medium: tomcat
Issue Overview: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage...
Important: runfinch-finch
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: amazon-ecr-credential-helper
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: amazon-ecr-credential-helper
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: kernel-livepatch-6.12.48-67.114
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-39955 Affected Packages: kernel-livepatch-6.12.48-67.114 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: kernel-livepatch-6.1.153-175.280
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-39955 Affected Packages: kernel-livepatch-6.1.153-175.280 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Medium: fontforge
Issue Overview: FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8. CVE-2025-50949 Affected Packages: fontforge Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2025-009 (ALASGIMP-2025-009)
The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2025-009 advisory. GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-114 (ALASKERNEL-5.4-2025-114)
The version of kernel installed on the remote host is prior to 5.4.301-221.445. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-114 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of...
Amazon Linux 2023 : libnvsdm (ALAS2023NVIDIA-2025-249)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-249 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...
Amazon Linux 2023 : kmod-nvidia-latest-dkms (ALAS2023NVIDIA-2025-253)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-253 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...
Amazon Linux 2023 : kmod-nvidia-open-dkms (ALAS2023NVIDIA-2025-252)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-252 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...
Amazon Linux 2023 : nvidia-xconfig (ALAS2023NVIDIA-2025-241)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-241 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...
Amazon Linux 2023 : nvidia, nvidia-fabric-manager (ALAS2023NVIDIA-2025-248)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-248 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...
Amazon Linux 2023 : nvidia-modprobe (ALAS2023NVIDIA-2025-244)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-244 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...