Amazon Linux 2 : kernel (ALAS-2024-2542)

The version of kernel installed on the remote host is prior to 4.14.343-261.564. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2542 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write...

Amazon Linux 2 : golang, --advisory ALAS2-2024-2545 (ALAS-2024-2545)

The version of golang installed on the remote host is prior to 1.13.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2545 advisory. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key...

Amazon Linux 2 : flatpak (ALAS-2024-2538)

The version of flatpak installed on the remote host is prior to 1.0.9-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2538 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9,...

Important: unbound

Issue Overview: An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. CVE-2024-33655 Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2 AL2 Co...

Amazon Linux 2 : unbound (ALAS-2024-2536)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2536 advisory. An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a...

Amazon Linux 2 : python3 (ALAS-2024-2541)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2541 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18...

Medium: jose

Issue Overview: latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value. CVE-2023-50967 Affected Packages: jose Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath CVE-2021-46921 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...

Medium: curl

Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoco...

Amazon Linux 2 : jose (ALAS-2024-2529)

The version of jose installed on the remote host is prior to 10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2529 advisory. latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...

Amazon Linux 2 : java-17-amazon-corretto (ALAS-2024-2528)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.11+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2528 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2024-003)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by a vulnerability as referenced in the ALAS2LIBREOFFICE-2024-003 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an...

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-011)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0412.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-011 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle...

Amazon Linux 2 : ruby (ALAS-2024-2534)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2534 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PAS...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-055)

The version of kernel installed on the remote host is prior to 5.10.29-27.128. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2024-055 advisory. In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2024-2527)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.23+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2527 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...

Amazon Linux 2 : glibc (ALAS-2024-2521)

The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2521 advisory. The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when...

Amazon Linux 2 : nghttp2 (ALAS-2024-2523)

The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2523 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps...

Amazon Linux 2 : bind (ALAS-2024-2530)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2530 advisory. Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of...

Amazon Linux 2 : httpd (ALAS-2024-2532)

The version of httpd installed on the remote host is prior to 2.4.59-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2532 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...