Lucene search

9349 matches found

Amazon
added 2025/09/29 12:00 a.m., 6 views

Important: kernel-livepatch-6.12.40-63.107

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.40-63.107 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5, AI score 6.4, EPSS 0.00128
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 4 views

Important: kernel-livepatch-6.12.31-35.92

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.31-35.92 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5, AI score 6.4, EPSS 0.00128
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 3 views

Medium: openjpeg2

Issue Overview: openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core a...

CVSS 6.5, AI score 7.4, EPSS 0.00244
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 5 views

Important: kernel-livepatch-6.12.37-61.105

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.37-61.105 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5, AI score 6.4, EPSS 0.00128
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 5 views

Medium: perl-Cpanel-JSON-XS

Issue Overview: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact CVE-2025-40929 Affected Packages: perl-Cpanel-JSON-XS Issue Correction: Run dnf update...

CVSS 5.6, AI score 7.3, EPSS 0.00405
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 4 views

Medium: loupe

Issue Overview: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be...

CVSS 2.3, AI score 7, EPSS 0.00303
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 4 views

Important: expat

Issue Overview: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CVE-2025-59375 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.9.20250929 or dnf update --advisory...

CVSS 7.5, AI score 6.8, EPSS 0.01279
Exploits: 1
Amazon
added 2025/09/29 12:00 a.m., 5 views

Medium: LibRaw

Issue Overview: There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. CVE-2021-3624 Affected Packages: LibRaw Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 9.3, AI score 7.7, EPSS 0.00847
Exploits: 1
Amazon
added 2025/09/29 12:00 a.m., 6 views

Important: libsoup

Issue Overview: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). CVE-2025-32049 Affected Packages: libsoup Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 7.5, AI score 6.7, EPSS 0.00728
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 6 views

Medium: coreutils

Issue Overview: A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash ...

CVSS 4.4, AI score 6.8, EPSS 0.00215
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 9 views

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1, AI score 7.1, EPSS 0.00682
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 4 views

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1, AI score 7, EPSS 0.00682
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 5 views

Low: libtiff

Issue Overview: A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The...

CVSS 2.5, AI score 6.4, EPSS 0.00196
Exploits: 1
Amazon
added 2025/09/29 12:00 a.m., 4 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX CVE-2022-48827 In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow CVE-2022-48828 In the Linux kernel, the following...

CVSS 7.8, AI score 7, EPSS 0.00263
Exploits: 0
Amazon
added 2025/09/29 12:00 a.m., 3 views

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon ":" to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage...

CVSS 9.8, AI score 6.7, EPSS 0.00851
Exploits: 2
Tenable Nessus
added 2025/09/17 12:00 a.m., 7 views

Amazon Linux 2 : python-templated-dictionary, --advisory ALAS2MOCK2-2025-001 (ALASMOCK2-2025-001)

It is, therefore, affected by a vulnerability as referenced in the ALAS2MOCK2-2025-001 advisory. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems...

CVSS 9.8, AI score 8.1, EPSS 0.01552
Exploits: 1, References: 4
Amazon
added 2025/09/16 12:00 a.m., 7 views

Medium: pki-core

Issue Overview: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0. CVE-2025-1647 Affected Packages: pki-core Note: This advisory is applicable t...

CVSS 5.6, AI score 6.1, EPSS 0.00259
Exploits: 0
Amazon
added 2025/09/16 12:00 a.m., 6 views

Medium: redis

Issue Overview: TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod on the same path. CVE-2025-9810 Affected Packages: redis Note: This advisory is...

CVSS 6.8, AI score 6.8, EPSS 0.00099
Exploits: 0
Amazon
added 2025/09/16 12:00 a.m., 7 views

Important: kernel-livepatch-5.10.238-231.953

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.238-231.953 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5, AI score 6.6, EPSS 0.00166
Exploits: 0
Tenable Nessus
added 2025/09/16 12:00 a.m., 4 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3000 (ALAS-2025-3000)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3000 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version...

CVSS 8.8, AI score 7.6, EPSS 0.04065
Exploits: 4, References: 10