Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2025-1322)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1322 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

Amazon Linux 2023 : docker (ALAS2023-2025-1329)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1329 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate...

Medium: nodejs20

Issue Overview: Use after free due to connection being cleaned up after error CVE-2025-62408 Affected Packages: nodejs20 Issue Correction: Run dnf update nodejs20 --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1346 --releasever 2023.10.20260105 to update your system. More...

Medium: php8.1

Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...

Medium: python3.9

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When loading a plist file, the plistlib module...

Important: kernel-livepatch-6.12.53-69.119

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevent perpetual tunnel growth CVE-2025-40173 Affected Packages: kernel-livepatch-6.12.53-69.119 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.1.155-176.282

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevent perpetual tunnel growth CVE-2025-40173 Affected Packages: kernel-livepatch-6.1.155-176.282 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: ecs-init

Issue Overview: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is...

Medium: php8.2

Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...

Medium: libcap

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: containerd

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: soci-snapshotter

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: docker

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: nerdctl

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: usbmuxd

Issue Overview: A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. CVE-2025-66004 Affected Packages: usbmuxd Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extra...

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick's Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family...

Important: kernel-livepatch-5.10.245-241.976

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevent perpetual tunnel growth CVE-2025-40173 Affected Packages: kernel-livepatch-5.10.245-241.976 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: glib2

Issue Overview: Buffer underflow on Glib through glib/gvariant via bytestringparse or stringparse leads to OOB Write. CVE-2025-14087 Affected Packages: glib2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

Medium: python3

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When loading a plist file, the plistlib module...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-116 (ALASKERNEL-5.4-2025-116)

The version of kernel installed on the remote host is prior to 5.4.254-169.358. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-116 advisory. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss ...