Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1145)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1145 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfscreatependingblockgroups CVE-2025-22115 In the Linux kernel, the following...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-087 (ALASKERNEL-5.15-2025-087)

The version of kernel installed on the remote host is prior to 5.15.189-131.206. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-087 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1144)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1144 advisory. In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AFXDP generic RX path CVE-2025-37920 In the Linux kernel, the following vulnerability has been...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-101 (ALASKERNEL-5.10-2025-101)

The version of kernel installed on the remote host is prior to 5.10.240-238.959. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-101 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in...

Important: mtr

Issue Overview: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. CVE-2025-49809 Affected Packages: mtr Issue Correction: Run dnf update mtr --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1102...

Important: jakarta-mail

Issue Overview: In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages. CVE-2025-7962 Affected Packages: jakarta-mail Issue Correction: Run dnf update jakarta-mail --releasever 2023.8.20250808 or dnf update...

Important: golang

Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1104 --releasever 2023.8.20250808 to update your system. More...

Medium: python3.11-pip

Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Issue Correction: Run dnf update kernel --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1128 --releasever 2023.8.20250808 to update your system. More information on how to update your system can be...

Low: gnupg2

Issue Overview: In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

Low: kernel6.12

Issue Overview: No CVE associated with this advisory Affected Packages: kernel6.12 Issue Correction: Run dnf update kernel6.12 --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1129 --releasever 2023.8.20250808 to update your system. More information on how to update your system...

Important: unbound

Issue Overview: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along wit...

Medium: jq

Issue Overview: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for...

Amazon Linux 2023 : gdk-pixbuf2, gdk-pixbuf2-devel, gdk-pixbuf2-modules (ALAS2023-2025-1120)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1120 advisory. In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani...

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-1097)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1097 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgra...

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-1123)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1123 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The...

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2025-1092)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1092 advisory. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Tenabl...

Medium: thunderbird

Issue Overview: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Affected Packages:...

Medium: ruby

Issue Overview: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1111)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1111 advisory. In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if setmemoryencrypted fails CVE-2024-36913 In the Linux kernel, the following vulnerability h...