Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2025-1243)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1243 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Ja...
Amazon Linux 2023 : squid (ALAS2023-2025-1238)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1238 advisory. Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. This potentially allows a...
Amazon Linux 2 : kernel, --advisory ALAS2-2025-3053 (ALAS-2025-3053)
The version of kernel installed on the remote host is prior to 4.14.355-280.706. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3053 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in...
Amazon Linux 2 : sssd, --advisory ALAS2-2025-3050 (ALAS-2025-3050)
The version of sssd installed on the remote host is prior to 1.16.5-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3050 advisory. A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-044 (ALASFIREFOX-2025-044)
The version of firefox installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-044 advisory. Use-after-free in MediaTrackGraphImpl::GetInstance. This vulnerability affects Firefox 144, Firefox ESR 140.4,...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1227)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1227 advisory. In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration CVE-2025-38248 In the Linux kernel, the following...
Amazon Linux 2 : java-17-amazon-corretto, --advisory ALAS2-2025-3047 (ALAS-2025-3047)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.17+10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3047 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produc...
Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2025-1242)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1242 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Ja...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-1237)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1237 advisory. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value. The offset value would not be used to locate the ZIP64 EOCD record; instead the ZIP64 EOCD record...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-093 (ALASKERNEL-5.15-2025-093)
The version of kernel installed on the remote host is prior to 5.15.194-135.217. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-093 advisory. In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in...
Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2025-1234)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1234 advisory. A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3052 (ALAS-2025-3052)
The version of thunderbird installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3052 advisory. There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc with a large value of the...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-112 (ALASKERNEL-5.4-2025-112)
The version of kernel installed on the remote host is prior to 5.4.258-171.360. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-112 advisory. An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error...
Amazon Linux 2 : glibc, --advisory ALAS2-2025-3040 (ALAS-2025-3040)
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3040 advisory. The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It...
Important: gi-docgen
Issue Overview: gi-docgen does not encode search terms before inserting them into HTML, allowing XSS via a crafted URL. Description obtained from: https://gitlab.gnome.org/GNOME/gi-docgen/-/issues/228 CVE-2025-11687 Affected Packages: gi-docgen Issue Correction: Run dnf update gi-docgen...
Important: kernel-livepatch-6.1.148-173.267
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.1.148-173.267 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: kernel-livepatch-6.12.37-61.105
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees CVE-2025-39923 Affected Packages: kernel-livepatch-6.12.37-61.105 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: kernel-livepatch-4.14.355-280.698
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id instead of smp_processor_id CVE-2023-53530 Affected Packages: kernel-livepatch-4.14.355-280.698 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-4.14.355-280.695
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id instead of smp_processor_id CVE-2023-53530 Affected Packages: kernel-livepatch-4.14.355-280.695 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: qt5-qtsvg
Issue Overview: The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free. CVE-2025-10729 Affected Packages: qt5-qtsvg Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...