Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1014)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1014 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called...

Amazon Linux 2 : amazon-ssm-agent (ALAS-2025-2883)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.2299.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2883 advisory. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which...

Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-995)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-995 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: track changespktdata property for global functions CVE-2024-58098 In the Linux kernel, the following vulnerability has...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-1013)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1013 advisory. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read...

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-1010)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1010 advisory. Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded...

Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1012)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1012 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

Amazon Linux 2023 : python3-tornado (ALAS2023-2025-1002)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1002 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but continues trying to parse the remainde...

Amazon Linux 2023 : python3-setuptools, python3-setuptools-wheel (ALAS2023-2025-1005)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1005 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...

Important: amazon-ssm-agent

Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...

Medium: openssh

Issue Overview: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. CVE-2025-32728 Affected Packages: openssh Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

Important: amazon-ssm-agent

Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...

Amazon Linux 2 : perl (ALAS-2025-2879)

The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2879 advisory. Thread creation while a directory handle is open does a fchdir, affecting other threads race condition CVE-2025-40909 Tenable has...

Amazon Linux 2 : qt (ALAS-2025-2890)

The version of qt installed on the remote host is prior to 4.8.5-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2890 advisory. An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in...

Amazon Linux 2 : python-setuptools (ALAS-2025-2876)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2876 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-993)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-993 advisory. In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2keyencode CVE-2024-36967 In the Linux kernel, the following vulnerability has been...

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2025-997)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-997 advisory. A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the...

Amazon Linux 2 : git (ALAS-2025-2884)

The version of git installed on the remote host is prior to 2.47.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2884 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are...

Amazon Linux 2 : cni-plugins (ALAS-2025-2882)

The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2882 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-1000)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1000 advisory. gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708...

Amazon Linux 2 : screen (ALAS-2025-2878)

The version of screen installed on the remote host is prior to 4.1.0-0.27.20120314git3c2946. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2878 advisory. TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach...