Important: kernel-livepatch-4.14.355-276.618
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory CVE-2023-53137 Affected Packages: kernel-livepatch-4.14.355-276.618 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Amazon Linux 2023 : firefox (ALAS2023-2025-1055)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1055 advisory. A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox or tag, potentially making a website vulnerable to a cross-site scripting attac...
Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2025-1070)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1070 advisory. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. CVE-2025-324...
Amazon Linux 2023 : python3-crypto (ALAS2023-2025-1051)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1051 advisory. lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-1083)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1083 advisory. Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2025-1072)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1072 advisory. A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-1066)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1066 advisory. Redis and Valkey contain a defect such that a well constructed hyperloglog can corrupt arbitrary memory on the heap, which could lead to remote code execution. CVE-2025-32023 Redis and Valkey...
Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-1052)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1052 advisory. In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue CVE-2025-38000 In the Linux kernel, the following...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1054)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1054 advisory. A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration redirecting egress packets to ingress using TC action mirred, a local unprivileged...
Amazon Linux 2 : kernel (ALAS-2025-2909)
The version of kernel installed on the remote host is prior to 4.14.311-233.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2909 advisory. In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookupre...
Important: cloud-init
Issue Overview: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. CVE-2024-6174 Affected Packages: cloud-init Issue Correction: Run dnf update cloud-init...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1073)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1073 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Amazon Linux 2 : containerd (ALASDOCKER-2025-073)
The version of containerd installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-073 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive...
Medium: soci-snapshotter
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: soci-snapshotter Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more abo...
Amazon Linux 2023 : nerdctl (ALAS2023-2025-1075)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1075 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Amazon Linux 2023 : runc (ALAS2023-2025-1078)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1078 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-1079)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1079 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Amazon Linux 2 : golist (ALAS-2025-2922)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2922 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
Medium: nerdctl
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: nerdctl Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
Medium: docker
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...