Amazon Linux 2 : glib2, --advisory ALAS2-2025-3094 (ALAS-2025-3094)

The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3094 advisory. A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring...

Amazon Linux 2 : python3, --advisory ALAS2-2025-3084 (ALAS-2025-3084)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3084 advisory. If the value passed to os.path.expandvars is user-controlled aperformance degradation is possible when expanding...

Amazon Linux 2 : curl, --advisory ALAS2-2025-3088 (ALAS-2025-3088)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3088 advisory. wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the outpu...

Amazon Linux 2 : bind, --advisory ALAS2-2025-3093 (ALAS-2025-3093)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3093 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC with ops-opnum == OPILLEGAL CVE-2023-53680 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Amazon Linux 2 : python-ldap, --advisory ALAS2-2025-3083 (ALAS-2025-3083)

The version of python-ldap installed on the remote host is prior to 2.4.15-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3083 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-094 (ALASKERNEL-5.15-2025-094)

The version of kernel installed on the remote host is prior to 5.15.196-137.219. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-094 advisory. In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentrie...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3091 (ALAS-2025-3091)

The version of thunderbird installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3091 advisory. A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2025-084 (ALASECS-2025-084)

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-084 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta...

Amazon Linux 2 : cri-tools, --advisory ALAS2-2025-3079 (ALAS-2025-3079)

The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3079 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount CVE-2025-40105 In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination CVE-2025-40167 In the...

Medium: unbound

Issue Overview: NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually...

Amazon Linux 2 : audiofile, --advisory ALAS2-2025-3087 (ALAS-2025-3087)

The version of audiofile installed on the remote host is prior to 0.3.6-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3087 advisory. Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. CVE-2025-50950 Tenabl...

Amazon Linux 2 : linux-firmware, --advisory ALAS2-2025-3092 (ALAS-2025-3092)

The version of linux-firmware installed on the remote host is prior to 20200421-85.git78c0348. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3092 advisory. Improper isolation of shared resources on a system on a chip by a malicious local attacker with high...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-047 (ALASFIREFOX-2025-047)

The version of firefox installed on the remote host is prior to 140.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-047 advisory. Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox E...

Important: glib2

Issue Overview: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the...

Amazon Linux 2 : exiv2, --advisory ALAS2-2025-3086 (ALAS-2025-3086)

The version of exiv2 installed on the remote host is prior to 0.27.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3086 advisory. Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2025-074 (ALASNITRO-ENCLAVES-2025-074)

The version of containerd installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-074 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other tha...

Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2025-3072 (ALAS-2025-3072)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.472.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3072 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

Amazon Linux 2 : python-ldap, --advisory ALAS2-2025-3058 (ALAS-2025-3058)

The version of python-ldap installed on the remote host is prior to 2.4.15-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3058 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5,...