
9344 matches found

Tenable Nessus
added 2025/12/08 12:0 a.m. | 8 views

Amazon Linux 2 : python3, --advisory ALAS2-2025-3084 (ALAS-2025-3084)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3084 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding...

CVSS 5.5 | AI score 6.2 | EPSS 0.00124
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/08 12:0 a.m. | 5 views

Amazon Linux 2 : exiv2, --advisory ALAS2-2025-3086 (ALAS-2025-3086)

The version of exiv2 installed on the remote host is prior to 0.27.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3086 advisory. Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata...

CVSS 5.5 | AI score 5.9 | EPSS 0.00226
Exploits: 1 | References: 6

Tenable Nessus
added 2025/12/08 12:0 a.m. | 7 views

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2025-084 (ALASECS-2025-084)

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-084 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta...

CVSS 7.8 | AI score 6.5 | EPSS 0.00148
Exploits: 1 | References: 6

Amazon
added 2025/12/08 12:0 a.m. | 4 views

Important: openvpn

Issue Overview: HMAC verification check: fix incorrect memcmp call NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-13086 CVE-2025-13086 Affected Packages: openvpn Issue Correction: Run dnf update openvpn --releasever 2023.9.20251208 or dnf update --advisory ALAS2023-2025-131...

CVSS 8.2 | AI score 7.9 | EPSS 0.0061
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 12 views

Medium: audiofile

Issue Overview: Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. CVE-2025-50950 Affected Packages: audiofile Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Cor...

CVSS 7.5 | AI score 7 | EPSS 0.0033
Exploits: 1

Amazon
added 2025/12/08 12:0 a.m. | 9 views

Important: glib2

Issue Overview: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the...

CVSS 7.7 | AI score 7 | EPSS 0.00301
Exploits: 1

Amazon
added 2025/12/08 12:0 a.m. | 25 views

Important: glib2

Issue Overview: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the...

CVSS 7.7 | AI score 6.9 | EPSS 0.00301
Exploits: 1

Amazon
added 2025/12/08 12:0 a.m. | 9 views

Medium: curl

Issue Overview: wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. CVE-2025-11563 Affected Packages: curl Note: This advisory is...

CVSS 4.6 | AI score 6.7 | EPSS 0.00302
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 4 views

Low: python3

Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

CVSS 5.5 | AI score 6.6 | EPSS 0.00124
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 5 views

Low: python3.11

Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever 2023.9.20251208 or dnf update --advisory...

CVSS 5.5 | AI score 6.5 | EPSS 0.00124
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 4 views

Medium: unbound

Issue Overview: NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually...

CVSS 7.1 | AI score 6.6 | EPSS 0.00311
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC with ops->opnum == OP_ILLEGAL CVE-2023-53680 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...

CVSS 7.8 | AI score 6.3 | EPSS 0.0014
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 5 views

Medium: bind

Issue Overview: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12,...

CVSS 8.6 | AI score 6 | EPSS 0.00509
Exploits: 1

Amazon
added 2025/12/08 12:0 a.m. | 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC with ops->opnum == OP_ILLEGAL CVE-2023-53680 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

CVSS 7.8 | AI score 6.2 | EPSS 0.0014
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 5 views

Medium: unbound

Issue Overview: NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually...

CVSS 7.1 | AI score 6.5 | EPSS 0.00311
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount CVE-2025-40105 In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination CVE-2025-40167 In the...

AI score 6.5 | EPSS 0.00177
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 5 views

Medium: curl

Issue Overview: wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. CVE-2025-11563 Affected Packages: curl Issue Correction: Run dnf...

CVSS 4.6 | AI score 6.6 | EPSS 0.00302
Exploits: 0

Amazon
added 2025/12/08 12:0 a.m. | 4 views

Medium: containerd

Issue Overview: containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVSS 7.8 | AI score 5.6 | EPSS 0.00148
Exploits: 1

Amazon
added 2025/12/08 12:0 a.m. | 7 views

Medium: postgresql

Issue Overview: Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail...

CVSS 5.9 | AI score 6.8 | EPSS 0.00301
Exploits: 0

Tenable Nessus
added 2025/12/08 12:0 a.m. | 8 views

Amazon Linux 2 : audiofile, --advisory ALAS2-2025-3087 (ALAS-2025-3087)

The version of audiofile installed on the remote host is prior to 0.3.6-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3087 advisory. Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. CVE-2025-50950 Tenabl...

CVSS 7.5 | AI score 5.5 | EPSS 0.0033
Exploits: 1 | References: 4