Azure Linux 3.0 Security Update: kernel (CVE-2024-54683)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-54683 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37988)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37988 advisory. - In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNTTREEBENEATH...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-65637)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-65637 advisory. - A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer...

Azure Linux 3.0 Security Update: optipng (CVE-2023-43907)

The version of optipng installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-43907 advisory. - OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-35816)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35816 advisory. - In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21858)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21858 advisory. - In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in...

Azure Linux 3.0 Security Update: valkey (CVE-2025-27151)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27151 advisory. - Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21979)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21979 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphywork before...

Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond

Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...

Azure Linux 3.0 Security Update: libsoup (CVE-2025-4948)

The version of libsoup installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4948 advisory. - A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly...

Azure Linux 3.0 Security Update: httpd (CVE-2025-54090)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-54090 advisory. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are...

Azure Linux 3.0 Security Update: yasm (CVE-2024-22653)

The version of yasm installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22653 advisory. - yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend functio...

Azure Linux 3.0 Security Update: polkit (CVE-2025-7519)

The version of polkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-7519 advisory. - A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an...

Azure Linux 3.0 Security Update: python3 (CVE-2025-6069)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6069 advisory. - The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malform...

Azure Linux 3.0 Security Update: kata-containers / kata-containers-cc (CVE-2025-5791)

The version of kata-containers / kata-containers-cc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5791 advisory. - A flaw was found in the user's crate for Rust. This vulnerability allows...

Azure Linux 3.0 Security Update: edk2 / hvloader (CVE-2023-45229)

The version of edk2 / hvloader installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45229 advisory. - EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA...

Azure Linux 3.0 Security Update: kata-containers / kata-containers-cc / rpm-ostree (CVE-2024-27308)

The version of kata-containers / kata-containers-cc / rpm-ostree installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27308 advisory. - Mio is a Metal I/O library for Rust. When using named pipes on...

Azure Linux 3.0 Security Update: vim (CVE-2025-53906)

The version of vim installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53906 advisory. - Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's...

Azure Linux 3.0 Security Update: edk2 (CVE-2024-38796)

The version of edk2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38796 advisory. - EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker May cause memory corruption due to...

Azure Linux 3.0 Security Update: cmake (CVE-2025-4947)

The version of cmake installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4947 advisory. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specifi...