Amazon Linux 2 : rclone, --advisory ALAS2-2026-3285 (ALAS-2026-3285)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3285 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC...

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-015 (ALASGIMP-2026-015)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-015 advisory. A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing ...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-058 (ALASFIREFOX-2026-058)

The version of firefox installed on the remote host is prior to 140.10.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-058 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic...

Amazon Linux 2 : python, --advisory ALAS2-2026-3280 (ALAS-2026-3280)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3280 advisory. Mitgation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain brows...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-114 (ALASDOCKER-2026-114)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-114 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

Amazon Linux 2 : rust, --advisory ALAS2-2026-3296 (ALAS-2026-3296)

The version of rust installed on the remote host is prior to 1.95.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3296 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace...

Amazon Linux 2 : ruby, --advisory ALAS2-2026-3284 (ALAS-2026-3284)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3284 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3288 (ALAS-2026-3288)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3288 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both...

Amazon Linux 2 : PackageKit, --advisory ALAS2-2026-3282 (ALAS-2026-3282)

The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3282 advisory. PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro,...

Amazon Linux 2 : libXpm, --advisory ALAS2-2026-3291 (ALAS-2026-3291)

The version of libXpm installed on the remote host is prior to 3.5.12-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3291 advisory. As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Tenable has extracted the preceding description...

Amazon Linux 2 : qemu, --advisory ALAS2-2026-3293 (ALAS-2026-3293)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3293 advisory. hcd-ohci: infinite loop NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/129922c2bc398b656a9180150e667f98fdf0d40...

Amazon Linux 2 : python3, --advisory ALAS2-2026-3281 (ALAS-2026-3281)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3281 advisory. Mitgation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain...

Amazon Linux 2 : xdg-desktop-portal, --advisory ALAS2-2026-3298 (ALAS-2026-3298)

The version of xdg-desktop-portal installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3298 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host...

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-117 (ALASDOCKER-2026-117)

The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-117 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination ...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-108 (ALASECS-2026-108)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-108 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2026-113 (ALASDOCKER-2026-113)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-113 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overfl...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2026-099 (ALASNITRO-ENCLAVES-2026-099)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-099 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow o...

Important: kernel-livepatch-6.1.170-208.319

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1693)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1693 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Give up GC if MSGPEEK intervened. CVE-2026-23394 In the Linux kernel, the following vulnerability has been resolved:...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-118 (ALASKERNEL-5.10-2026-118)

The version of kernel installed on the remote host is prior to 5.10.253-252.1015. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-118 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj...