9341 matches found
CLSA-2026-1778227041 jasper: Fix of 3 CVEs
Add Amazon Linux 2 ELS support mirrors centos7els branch with .amzn2 dist via / leapfrog over stock 1.900.1-33.amzn2.0.1 - Import CVE-2020-27828 patch from amzn2 stock SRPM out-of-bounds write in jpc encoder; jasper-2.0.14-CVE-2020-27828.patch - Import CVE-2021-3443 patch from amzn2 stock SRPM...
CLSA-2026-1778218633 jasper: Fix of 3 CVEs
Add Amazon Linux 2 ELS support mirrors centos7els branch with .amzn2 dist via / leapfrog over stock 1.900.1-33.amzn2.0.1 - Import CVE-2020-27828 patch from amzn2 stock SRPM out-of-bounds write in jpc encoder; jasper-2.0.14-CVE-2020-27828.patch - Import CVE-2021-3443 patch from amzn2 stock SRPM...
CLSA-2026-1778163112 Update of cups
Merge of the Amazon Linux 2 cups package cups-1.6.3-51.amzn2.0.9...
CLSA-2026-1778166697 Update of cups
Merge of the Amazon Linux 2 cups package cups-1.6.3-51.amzn2.0.9...
CLSA-2026-1778166693 Update of cups
Merge of the Amazon Linux 2 cups package cups-1.6.3-51.amzn2.0.9...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands as an administrator user: echo...
Important: kernel-livepatch-6.18.15-14.217
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...
Important: kernel-livepatch-6.12.80-105.147
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...
Medium: docker
Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...
Medium: ecs-service-connect-agent
Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands as an administrator user: echo...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1649)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1649 advisory. In the Linux kernel, the following vulnerability has been resolved:crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of t...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1650)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1650 advisory. In the Linux kernel, the following vulnerability has been resolved:crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of t...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-101 (ALASKERNEL-5.15-2026-101)
The version of kernel installed on the remote host is prior to 5.15.202-142.235. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-101 advisory. In the Linux kernel, the following vulnerability has been resolved:crypto: algifaead - Revert to operati...
Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-113 (ALASECS-2026-113)
The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-113 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1664)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1664 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-116 (ALASKERNEL-5.10-2026-116)
The version of kernel installed on the remote host is prior to 5.10.252-250.1016. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-116 advisory. In the Linux kernel, the following vulnerability has been resolved:crypto: algifaead - Revert to...
CLSA-2026-1777544655 rsync: Fix of 2 CVEs
CVE-2024-12086: prevent server from reading arbitrary client files via path traversal - CVE-2025-10158: fix invalid access to files array in sender - Add upstream stability fix RsyncProject/rsync PR 706: use-after-free in generator - Enable Amazon Linux 2 ELS...
Important: edk2
Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...
Important: openssh
Issue Overview: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 Affected Packages: openssh Note: This...