Important: kernel-livepatch-5.10.237-230.949

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.237-230.949 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Medium: perl-Authen-SASL

Issue Overview: Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time m...

Important: kernel-livepatch-4.14.355-280.664

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-4.14.355-280.664 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2025-009 (ALASNGINX1-2025-009)

The version of nginx installed on the remote host is prior to 1.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-009 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to...

Amazon Linux 2 : edk2 (ALAS-2025-2975)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2975 advisory. EDK2 contains a vulnerability in BIOS where an attacker may cause Protection Mechanism Failure by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impa...

Amazon Linux 2 : gstreamer1-plugins-good (ALAS-2025-2964)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2964 advisory. GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files...

Medium: gstreamer-plugins-bad-free

Issue Overview: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/mergerequests/5362 NOTE: Fixed by:...

Important: kernel-livepatch-5.10.237-230.948

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.237-230.948 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-5.10.240-238.955

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.240-238.955 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Amazon Linux 2 : webkitgtk4 (ALAS-2025-2970)

The version of webkitgtk4 installed on the remote host is prior to 2.48.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2970 advisory. A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequo...

Amazon Linux 2 : LibRaw (ALAS-2025-2974)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2974 advisory. In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In...

Amazon Linux 2 : 389-ds-base (ALAS-2025-2976)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2976 advisory. A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap...

Amazon Linux 2 : libxslt (ALAS-2025-2966)

The version of libxslt installed on the remote host is prior to 1.1.28-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2966 advisory. A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead t...

Amazon Linux 2 : sqlite (ALAS-2025-2973)

The version of sqlite installed on the remote host is prior to 3.7.17-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2973 advisory. There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of column...

Amazon Linux 2 : libtiff (ALAS-2025-2965)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2965 advisory. A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the functi...

Amazon Linux 2 : gstreamer-plugins-bad-free (ALAS-2025-2972)

The version of gstreamer-plugins-bad-free installed on the remote host is prior to 0.10.23-42. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2972 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE:...

Amazon Linux 2 : kernel, --advisory ALAS2-2025-2968 (ALAS-2025-2968)

The version of kernel installed on the remote host is prior to 4.14.355-280.672. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2968 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ CVE-2023-5328...

Amazon Linux 2 : python (ALAS-2025-2961)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2961 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation...

Amazon Linux 2 : gnutls (ALAS-2025-2969)

The version of gnutls installed on the remote host is prior to 3.3.29-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2969 advisory. A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility...