20 matches found
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1087)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1087 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in the general case. CVE-2025-1220 Missing error checking could resul...
Amazon Linux 2023 : nvidia-kmod-common (ALAS2023NVIDIA-2025-134)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-134 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...
Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1114)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1114 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in the general case. CVE-2025-1220 Missing error checking could resul...
Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1113)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1113 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in the general case. CVE-2025-1220 Missing error checking could resul...
Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-1061)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1061 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...
Amazon Linux 2023 : docker (ALAS2023-2025-1074)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1074 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2025-1062)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1062 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-1076)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1076 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2025-1060)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1060 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...
Amazon Linux 2023 : glib2, glib2-devel, glib2-static (ALAS2023-2025-1069)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1069 advisory. A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601 function. CVE-2025-3360 A flaw was fou...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-1046)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1046 advisory. Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory. You are affected by this vulnerabili...
Amazon Linux 2023 : nerdctl (ALAS2023-2025-980)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-980 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-981)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-981 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-968)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-968 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Amazon Linux 2023 : docker (ALAS2023-2025-934)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-934 advisory. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable ...
Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-892)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-892 advisory. A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to...
Amazon Linux 2023 : java-23-amazon-corretto, java-23-amazon-corretto-devel, java-23-amazon-corretto-headless (ALAS2023-2025-904)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-904 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-871)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-871 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-822)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-822 advisory. Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is...
Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-800)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-800 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming...