3297 matches found
Amazon Linux 2 : python2-setuptools (ALAS-2024-2632)
The version of python2-setuptools installed on the remote host is prior to 41.2.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2632 advisory. A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution vi...
Amazon Linux 2 : firefox (ALASFIREFOX-2024-029)
The version of firefox installed on the remote host is prior to 115.15.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-029 advisory. 2024-09-26: CVE-2024-7652 was added to this advisory. An error in the ECMA-262 specification relating to Async...
Amazon Linux 2 : systemd (ALAS-2024-2636)
The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2636 advisory. An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the...
Amazon Linux 2 : thunderbird (ALAS-2024-2629)
The version of thunderbird installed on the remote host is prior to 115.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2629 advisory. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be...
Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2630)
The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300044.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2630 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
Amazon Linux 2 : microcode_ctl (ALAS-2024-2631)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2631 advisory. Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable deni...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-051)
The version of kernel installed on the remote host is prior to 5.15.165-110.161. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-051 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-26: CVE-2024-42302 was added to this...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-083)
The version of kernel installed on the remote host is prior to 5.4.282-194.378. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-083 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-12: CVE-2024-44944 was added to this...
Amazon Linux 2 : nginx (ALASNGINX1-2024-007)
The version of nginx installed on the remote host is prior to 1.22.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2024-007 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-069)
The version of kernel installed on the remote host is prior to 5.10.224-212.876. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-069 advisory. 2024-12-05: CVE-2024-41042 was added to this advisory. 2024-09-26: CVE-2024-42302 was added to this...
Medium: microcode_ctl
Issue Overview: Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-22374 Affected Packages: microcode_ctl Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository...
Amazon Linux 2 : docker (ALASECS-2024-041)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-041 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read man...
Amazon Linux 2 : docker (ALASECS-2024-042)
The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-042 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory. When...
Medium: fdupes
Issue Overview: In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. CVE-2022-48682 Affected Packages: fdupes Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn more about Amazon Linux 2 AL2...
Important: amazon-cloudwatch-agent
Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout CVE-2024-27397 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate CVE-2024-41042 In...
Amazon Linux 2 : docker (ALASDOCKER-2024-044)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-044 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...
Medium: runc
Issue Overview: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: runc Note: This advisory is applicable to Amazon Linu...
Amazon Linux 2 : docker (ALASDOCKER-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-045 advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-046)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-046 advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial...