Amazon Linux 2 : samba, --advisory ALAS2-2025-2979 (ALAS-2025-2979)

The version of samba installed on the remote host is prior to 4.10.16-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2979 advisory. All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be...

Medium: httpd

Issue Overview: A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Affected Packages: httpd Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Medium: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response's Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we...

Medium: cairo

Issue Overview: An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump. CVE-2025-50422 Affected Packages: cairo Note: This advisory is applicable ...

Amazon Linux 2 : rust, --advisory ALAS2-2025-2978 (ALAS-2025-2978)

The version of rust installed on the remote host is prior to 1.86.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2978 advisory. There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns...

Amazon Linux 2 : giflib, --advisory ALAS2-2025-2987 (ALAS-2025-2987)

The version of giflib installed on the remote host is prior to 4.1.6-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2987 advisory. Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the...

Low: giflib

Issue Overview: Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c CVE-2023-48161 Affected Packages: giflib Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...

Amazon Linux 2 : golang, --advisory ALAS2-2025-2984 (ALAS-2025-2984)

The version of golang installed on the remote host is prior to 1.24.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2984 advisory. os/exec: LookPath may return unexpected paths. If the PATH environment variable contains paths which are executables rathe...

Amazon Linux 2 : libxml2, --advisory ALAS2-2025-2977 (ALAS-2025-2977)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2977 advisory. A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management...

Amazon Linux 2 : vorbis-tools, --advisory ALAS2-2025-2983 (ALAS-2025-2983)

The version of vorbis-tools installed on the remote host is prior to 1.4.0-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2983 advisory. Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of...

Amazon Linux 2 : cairo, --advisory ALAS2-2025-2989 (ALAS-2025-2989)

The version of cairo installed on the remote host is prior to 1.15.12-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2989 advisory. An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program...

Amazon Linux 2 : httpd, --advisory ALAS2-2025-2982 (ALAS-2025-2982)

The version of httpd installed on the remote host is prior to 2.4.65-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2982 advisory. A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2negotiate CVE-2022-49938 In the Linux...

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage in coders/png.c are unsafe and can overflow, leading to memory corruption. This issue has been...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-2980 (ALAS-2025-2980)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2980 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27...

Medium: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xm...

Important: kernel-livepatch-5.10.239-236.958

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-4.14.355-277.647

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-4.14.355-277.647 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: libxslt

Issue Overview: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may le...

Low: nginx

Issue Overview: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server...