Medium: thunderbird
Issue Overview: A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above CVE-2023-6349 Affected Packages: thunderbird Note:...
Low: protobuf-c
Issue Overview: Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. CVE-2022-33070 Affected Packages: protobuf-c Note:...
Important: gtk2
Issue Overview: gtk3: gtk2: Library injection from CWD CVE-2024-6655 Affected Packages: gtk2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update gtk2 to upda...
Low: openssl11
Issue Overview: No CVE associated with this advisory Affected Packages: openssl11 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update openssl11 to update you...
Medium: ghostscript
Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 ghostpdl-10.03.1 NOTE:...
Low: ca-certificates
Issue Overview: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from GLOBALTRUST. Certifi 2024.07.04 removes ro...
Important: freeradius
Issue Overview: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...
Amazon Linux 2 : docker (ALASDOCKER-2024-040)
The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-040 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-041)
The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-041 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...
Amazon Linux 2 : edk2 (ALAS-2024-2591)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2591 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2024-2599)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.24+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2599 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...
Amazon Linux 2 : java-17-amazon-corretto (ALAS-2024-2600)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.12+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2600 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-038)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-038 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context du...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-045)
The version of kernel installed on the remote host is prior to 5.15.161-106.159. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2024-045 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race CVE-2024-3697...
Amazon Linux 2 : golang (ALAS-2024-2598)
The version of golang installed on the remote host is prior to 1.22.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2598 advisory. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect: 100-continue header with a...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-064)
The version of kernel installed on the remote host is prior to 5.10.220-209.867. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-064 advisory. 2024-12-05: CVE-2022-48827 was added to this advisory. 2024-12-05: CVE-2022-48828 was added to this...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-013)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0422.b05-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-013 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-075)
The version of kernel installed on the remote host is prior to 5.4.278-191.377. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-075 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race CVE-2024-36971...
Amazon Linux 2 : nano (ALAS-2024-2590)
The version of nano installed on the remote host is prior to 2.9.8-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2590 advisory. nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a...