Amazon Linux 2023 : amazon-efs-utils (ALAS2023-2026-1564)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1564 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via...
Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1537)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1537 advisory. In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. CVE-2026-34352...
Amazon Linux 2023 : dovecot, dovecot-devel, dovecot-mysql (ALAS2023-2026-1570)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1570 advisory. Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the...
Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1563)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1563 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, png_set_tRNS and...
Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2026-1547)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1547 advisory. A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. Thi...
Amazon Linux 2023 : squid (ALAS2023-2026-1569)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1569 advisory. Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1584)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1584 advisory. When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore ma...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1574)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1574 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
Amazon Linux 2023 : nerdctl (ALAS2023-2026-1535)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1535 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...
Medium: runc
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1583)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1583 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1573)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1573 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...
Amazon Linux 2023 : runc (ALAS2023-2026-1541)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1541 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1575)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1575 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1540 advisory. When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP...
Medium: amazon-ecr-credential-helper
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue CVE-2026-23066 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extr...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-119 (ALASKERNEL-5.4-2026-119)
The version of kernel installed on the remote host is prior to 5.4.302-223.457. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2026-119 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue...
Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1519)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1519 advisory. A missing verification step has been discovered in PyJWT. PyJWT does not validate the "crit" (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing...
Important: dotnet8.0
Issue Overview: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-26130 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.10.20260330 or dnf update --advisory...