Amazon Linux 2 : kernel, --advisory ALAS2-2025-2777 (ALAS-2025-2777)

The version of kernel installed on the remote host is prior to 4.14.353-270.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2777 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic...

Amazon Linux 2 : kernel, --advisory ALAS2-2025-2778 (ALAS-2025-2778)

The version of kernel installed on the remote host is prior to 4.14.352-267.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2778 advisory. In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time...

Amazon Linux 2 : libglvnd (ALAS-2025-2782)

The version of libglvnd installed on the remote host is prior to 1.0.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2782 advisory. libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen...

Amazon Linux 2 : openjpeg2 (ALAS-2025-2773)

The version of openjpeg2 installed on the remote host is prior to 2.4.0-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2773 advisory. openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 openjpeg: heap buffer overflow in lib/openjp2/j2k.c...

Amazon Linux 2 : emacs (ALAS-2025-2770)

The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2770 advisory. A flaw was found in the Emacs text editor. Improper handling of custom man URI schemes allows attackers to execute arbitrary shell...

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2779)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300052.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2779 advisory. Calling any of the Parse functions on Go source code which contains deeply nested literals can cause ...

Medium: libglvnd

Issue Overview: libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen. NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server...

Medium: expat

Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

Important: gstreamer1-plugins-good

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a lar...

Medium: openssl11

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2reconnectserver CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key CVE-2024-53179 In the Linux kernel, the...

Medium: microcode_ctl

Issue Overview: Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Sequence of processor instructions leads to unexpected behavior in the IntelR DSA V1.0 for some Intel...

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker need...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error CVE-2024-42284 In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. CVE-2024-36484 In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset CVE-2024-39487 In the...

Important: emacs

Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Note: Th...

Medium: openjpeg2

Issue Overview: openjpeg: heap buffer overflow in bin/common/color.c CVE-2024-56826 openjpeg: heap buffer overflow in lib/openjp2/j2k.c CVE-2024-56827 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

Amazon Linux 2 : python-crypto (ALASANSIBLE2-2025-012)

It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2025-012 advisory. lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not...

Amazon Linux 2 : ecs-init (ALASECS-2025-051)

The version of ecs-init installed on the remote host is prior to 1.75.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-051 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures...