Important: kernel-livepatch-6.1.170-210.320

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.1.170-210.320 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.18.20-20.229

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.18.20-20.229 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.12.73-95.123

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.12.73-95.123 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.12.80-105.147

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel-livepatch-6.12.80-105.147 Issue Correction: Please ensure you have live patching enabled...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c CVE-2026-31786 In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting CVE-2026-31787 In the Linux kernel,...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1738)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1738 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Amazon Linux 2023 : golang-github-burntsushi-toml-test, golang-github-burntsushi-toml-test-devel (ALAS2023-2026-1750)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1750 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing ...

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2026-1677)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1677 advisory. RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVE-2026-5405 Tenable has extracted the preceding description block...

Amazon Linux 2023 : rclone (ALAS2023-2026-1658)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1658 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can muta...

Amazon Linux 2023 : krb5-devel, krb5-libs, krb5-pkinit (ALAS2023-2026-1680)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1680 advisory. In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An...

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1647)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1647 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API...

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1648)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1648 advisory. @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbound...

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1667)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1667 advisory. Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is...

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1637)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1637 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

Amazon Linux 2023 : python3.13-lxml (ALAS2023-2026-1679)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1679 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...

Amazon Linux 2023 : dnsmasq, dnsmasq-utils (ALAS2023-2026-1516)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1516 advisory. dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an...

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2026-1668)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1668 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1674)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1674 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handle...

Amazon Linux 2023 : python3-lxml (ALAS2023-2026-1678)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1678 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...