
3297 matches found

Amazon
added 2025/06/12 12:0 a.m. | 4 views

Medium: libtasn1

Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

CVSS 5.3 | AI score 7.2 | EPSS 0.01025 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 5 views

Medium: qt

Issue Overview: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVE-2023-38197 Affected Packages: qt Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this F...

CVSS 7.5 | AI score 7.2 | EPSS 0.01076 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 7 views

Medium: gnutls

Issue Overview: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send...

CVSS 5.3 | AI score 7.2 | EPSS 0.01193 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 8 views

Important: perl

Issue Overview: Thread creation while a directory handle is open does a fchdir, affecting other threads race condition CVE-2025-40909 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

CVSS 5.9 | AI score 7.2 | EPSS 0.00368 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 6 views

Medium: openssh

Issue Overview: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. CVE-2025-32728 Affected Packages: openssh Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...

CVSS 4.3 | AI score 7.2 | EPSS 0.00149 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 5 views

Medium: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00667 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 5 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00667 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 2 views

Important: cni-plugins

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.9 | EPSS 0.00682 | Exploits 0

Amazon
added 2025/06/12 12:0 a.m. | 3 views

Important: cni-plugins

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 7.2 | EPSS 0.00682 | Exploits 0

Tenable Nessus
added 2025/06/12 12:0 a.m. | 3 views

Amazon Linux 2 : amazon-ssm-agent (ALAS-2025-2883)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.2299.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2883 advisory. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which...

CVSS 7.5 | AI score 6.9 | EPSS 0.00868 | Exploits 0 | References 4

Amazon
added 2025/06/11 12:0 a.m. | 1 view

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. CVE-2025-22058 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and...

CVSS 5.5 | AI score 6.6 | EPSS 0.00176 | Exploits 0

Tenable Nessus
added 2025/06/11 12:0 a.m. | 2 views

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-063)

The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-063 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminat...

CVSS 9.1 | AI score 7 | EPSS 0.00682 | Exploits 0 | References 4

Tenable Nessus
added 2025/06/11 12:0 a.m. | 4 views

Amazon Linux 2 : ecs-init (ALASECS-2025-065)

The version of ecs-init installed on the remote host is prior to 1.94.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-065 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...

CVSS 6.5 | AI score 7.5 | EPSS 0.0045 | Exploits 0 | References 4

Tenable Nessus
added 2025/06/11 12:0 a.m. | 2 views

Amazon Linux 2 : containerd (ALASDOCKER-2025-067)

The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-067 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...

CVSS 9.1 | AI score 7 | EPSS 0.00682 | Exploits 0 | References 4

Amazon
added 2025/06/11 12:0 a.m. | 2 views

Important: kernel-livepatch-4.14.355-276.639

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references CVE-2025-21811 Affected Packages: kernel-livepatch-4.14.355-276.639 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 6.7 | EPSS 0.00211 | Exploits 0

Amazon
added 2025/06/11 12:0 a.m. | 3 views

Important: kernel-livepatch-4.14.355-276.618

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references CVE-2025-21811 Affected Packages: kernel-livepatch-4.14.355-276.618 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 6.7 | EPSS 0.00211 | Exploits 0

Tenable Nessus
added 2025/06/11 12:0 a.m. | 3 views

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-074)

The version of kernel installed on the remote host is prior to 5.15.179-122.186. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2025-074 advisory. In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. CVE-2025-220...

CVSS 5.5 | AI score 6.2 | EPSS 0.00176 | Exploits 0 | References 4

Tenable Nessus
added 2025/06/10 12:0 a.m. | 6 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-098)

The version of kernel installed on the remote host is prior to 5.4.291-207.406. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-098 advisory. In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev...

CVSS 7.8 | AI score 6.6 | EPSS 0.00286 | Exploits 0 | References 14

Tenable Nessus
added 2025/06/09 12:0 a.m. | 8 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-094 (ALASKERNEL-5.10-2025-094)

The version of kernel installed on the remote host is prior to 5.10.237-230.949. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-094 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine...

CVSS 7.8 | AI score 6.5 | EPSS 0.00276 | Exploits 0 | References 98

Amazon
added 2025/05/29 12:0 a.m. | 8 views

Important: ppp

Issue Overview: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Affected Packages: ppp Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

CVSS 9.3 | AI score 6.8 | EPSS 0.00198 | Exploits 0