Amazon Linux 2 : runc (ALASDOCKER-2024-043)
The version of runc installed on the remote host is prior to 1.1.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-043 advisory. The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2024-044)
The version of runc installed on the remote host is prior to 1.1.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-044 advisory. The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning fal...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-076)
The version of kernel installed on the remote host is prior to 5.4.190-107.353. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-076 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between...
Important: kernel-livepatch-5.10.220-209.869
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free CVE-2022-48666 kernel: virtio-net: tap: mlx5_core short frame denial of service CVE-2024-41090 kernel: virtio-net: tun: mlx5_core short frame denial of service CVE-2024-41091 Affecte...
Important: kernel-livepatch-4.14.345-262.561
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete CVE-2024-39480 Affected Packages: kernel-livepatch-4.14.345-262.561 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Amazon Linux 2 : apache-commons-compress (ALAS-2024-2627)
The version of apache-commons-compress installed on the remote host is prior to 1.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2627 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-081)
The version of kernel installed on the remote host is prior to 5.4.279-193.377. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-081 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the...
Amazon Linux 2 : cups (ALAS-2024-2628)
The version of cups installed on the remote host is prior to 1.6.3-51. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2628 advisory. An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Serv...
Amazon Linux 2 : kernel, --advisory ALAS2-2024-2622 (ALAS-2024-2622)
The version of kernel installed on the remote host is prior to 4.14.350-266.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2622 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function...
Amazon Linux 2 : firefox (ALASFIREFOX-2024-028)
The version of firefox installed on the remote host is prior to 115.13.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2024-028 advisory. There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc with a large value of the d_w, d...
Amazon Linux 2 : webkitgtk4 (ALAS-2024-2623)
The version of webkitgtk4 installed on the remote host is prior to 2.42.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2623 advisory. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS...
Amazon Linux 2 : bind (ALAS-2024-2625)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2625 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problem...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-082)
The version of kernel installed on the remote host is prior to 5.4.272-185.370. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-082 advisory. In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe i...
Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2024-043)
The version of oci-add-hooks installed on the remote host is prior to 0-0.2.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-043 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
Amazon Linux 2 : oci-add-hooks (ALASDOCKER-2024-042)
The version of oci-add-hooks installed on the remote host is prior to 0-0.2.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-042 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessi...
Low: cups
Issue Overview: An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with...
Medium: apache-commons-compress
Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2024-040 (ALASECS-2024-040)
The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-040 advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This...