Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-065)
The version of kernel installed on the remote host is prior to 5.10.219-208.866. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-065 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix potential...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-047)
The version of kernel installed on the remote host is prior to 5.15.161-106.159. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-047 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input cor...
Amazon Linux 2 : httpd (ALAS-2024-2606)
The version of httpd installed on the remote host is prior to 2.4.62-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2606 advisory. A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...
Amazon Linux 2 : squid (ALAS-2024-2609)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2609 advisory. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-079)
The version of kernel installed on the remote host is prior to 5.4.274-187.369. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-079 advisory. In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleti...
Amazon Linux 2 : gtk2 (ALAS-2024-2603)
The version of gtk2 installed on the remote host is prior to 2.24.31-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2603 advisory. gtk3: gtk2: Library injection from CWD (CVE-2024-6655) Tenable has extracted the preceding description block directly from the tested...
Amazon Linux 2 : vte291 (ALAS-2024-2610)
The version of vte291 installed on the remote host is prior to 0.52.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2610 advisory. GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2024-050 (ALASKERNEL-5.15-2024-050)
The version of kernel installed on the remote host is prior to 5.15.164-108.161. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-050 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-048)
The version of kernel installed on the remote host is prior to 5.15.158-103.164. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-048 advisory. In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify a...
Amazon Linux 2 : gtk3 (ALAS-2024-2602)
The version of gtk3 installed on the remote host is prior to 3.22.30-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2602 advisory. gtk3: gtk2: Library injection from CWD (CVE-2024-6655) Tenable has extracted the preceding description block directly from the tested...
Amazon Linux 2 : thunderbird (ALAS-2024-2617)
The version of thunderbird installed on the remote host is prior to 115.12.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2617 advisory. A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured...
Amazon Linux 2 : bind (ALAS-2024-2616)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2616 advisory. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2024-077 (ALASKERNEL-5.4-2024-077)
The version of kernel installed on the remote host is prior to 5.4.278-191.377. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-077 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-020)
The version of tomcat installed on the remote host is prior to 8.5.100-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2024-020 advisory. Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When...
Amazon Linux 2 : containerd (ALASDOCKER-2024-041)
The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-041 advisory. 2024-08-27: CVE-2024-24790 was added to this advisory. 2024-08-14: CVE-2023-47108 was removed from this advisory...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2024-042)
The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-042 advisory. 2024-08-27: CVE-2024-24790 was added to this advisory. 2024-08-09: CVE-2023-47108 was removed from this...
Amazon Linux 2 : nerdctl (ALAS-2024-2618)
The version of nerdctl installed on the remote host is prior to 1.7.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2618 advisory. 2024-08-28: CVE-2024-24790 was added to this advisory. A malicious HTTP sender can use chunk extensions to cause a receive...
Amazon Linux 2 : openssl11 (ALAS-2024-2621)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2621 advisory. openssl: Use After Free with SSL_free_buffers (CVE-2024-4741) Issue summary: Calling the OpenSSL API function...
Important: gtk3
Issue Overview: gtk3: gtk2: Library injection from CWD (CVE-2024-6655) Affected Packages: gtk3 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update gtk3 to upda...
Medium: vte291
Issue Overview: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. (CVE-2024-37535) Affected Packages: vte291 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit...