789 matches found

Amazon
added 2025/09/29 12:0 a.m., 3 views

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1, AI score 7.1, EPSS 0.00294, Exploits 0

Amazon
added 2025/09/29 12:0 a.m., 1 view

Medium: openjpeg2

Issue Overview: openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core a...

CVSS 6.5, AI score 7.4, EPSS 0.00309, Exploits 0

Amazon
added 2025/09/29 12:0 a.m., 3 views

Medium: LibRaw

Issue Overview: There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. CVE-2021-3624 Affected Packages: LibRaw Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 9.3, AI score 7.7, EPSS 0.00241, Exploits 1

Amazon
added 2025/09/16 12:0 a.m., 5 views

Important: microcode_ctl

Issue Overview: A potential security vulnerability in some Intel(R) Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...

CVSS 7.8, AI score 7.3, EPSS 0.00249, Exploits 0

Amazon
added 2025/09/16 12:0 a.m., 2 views

Medium: gstreamer1-plugins-base

Issue Overview: In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. CVE-2025-47806 In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer whil...

CVSS 5.6, AI score 7, EPSS 0.00448, Exploits 3

Amazon
added 2025/09/16 12:0 a.m., 2 views

Important: microcode_ctl

Issue Overview: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may all...

CVSS 7.2, AI score 7.2, EPSS 0.00092, Exploits 0

Amazon
added 2025/09/16 12:0 a.m., 3 views

Important: kernel-livepatch-5.10.238-234.956

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.238-234.956 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5, AI score 6.6, EPSS 0.00051, Exploits 0

Tenable Nessus
added 2025/09/16 12:0 a.m., 5 views

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-3003 (ALAS-2025-3003)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3003 advisory. GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbg...

CVSS 8.1, AI score 7.3, EPSS 0.00444, Exploits 2, References 8

Tenable Nessus
added 2025/09/16 12:0 a.m., 4 views

Amazon Linux 2 : giflib, --advisory ALAS2-2025-2998 (ALAS-2025-2998)

The version of giflib installed on the remote host is prior to 4.1.6-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2998 advisory. A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception ...

CVSS 8.8, AI score 7.8, EPSS 0.0081, Exploits 1, References 4

Tenable Nessus
added 2025/09/16 12:0 a.m., 3 views

Amazon Linux 2 : microcode_ctl, --advisory ALAS2-2025-2993 (ALAS-2025-2993)

The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2993 advisory. Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to...

CVSS 7.2, AI score 7.2, EPSS 0.00092, Exploits 0, References 8

Amazon
added 2025/09/16 12:0 a.m., 3 views

Important: kernel-livepatch-5.10.239-236.958

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5, AI score 6.6, EPSS 0.00051, Exploits 0

Tenable Nessus
added 2025/09/16 12:0 a.m., 6 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-109 (ALASKERNEL-5.4-2025-109)

The version of kernel installed on the remote host is prior to 5.4.298-218.429. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-109 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check...

CVSS 7.8, AI score 6.5, EPSS 0.00119, Exploits 0, References 124

Tenable Nessus
added 2025/09/16 12:0 a.m., 4 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3000 (ALAS-2025-3000)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3000 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version...

CVSS 8.8, AI score 7.6, EPSS 0.01005, Exploits 4, References 10

Tenable Nessus
added 2025/09/16 12:0 a.m., 3 views

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3001 (ALAS-2025-3001)

The version of kernel installed on the remote host is prior to 4.14.355-280.684. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3001 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race CVE-2023-5293...

CVSS 7.8, AI score 6.3, EPSS 0.0007, Exploits 0, References 12

Tenable Nessus
added 2025/09/16 12:0 a.m., 4 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-089 (ALASKERNEL-5.15-2025-089)

The version of kernel installed on the remote host is prior to 5.15.191-132.213. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-089 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check...

CVSS 7.8, AI score 6.8, EPSS 0.00121, Exploits 1, References 134

Tenable Nessus
added 2025/09/16 12:0 a.m., 3 views

Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-014 (ALASREDIS6-2025-014)

The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-014 advisory. TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a...

CVSS 6.8, AI score 5.8, EPSS 0.00015, Exploits 0, References 4

Tenable Nessus
added 2025/09/06 12:0 a.m., 2 views

Amazon Linux 2 : memcached, --advisory ALAS2MEMCACHED1.5-2025-001 (ALASMEMCACHED1.5-2025-001)

The version of memcached installed on the remote host is prior to 1.5.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MEMCACHED1.5-2025-001 advisory. Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted...

CVSS 5.5, AI score 6, EPSS 0.00091, Exploits 1, References 4

Tenable Nessus
added 2025/09/05 12:0 a.m., 5 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-102 (ALASKERNEL-5.10-2025-102)

The version of kernel installed on the remote host is prior to 5.10.240-238.955. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2025-102 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if...

CVSS 5.5, AI score 6.2, EPSS 0.00051, Exploits 0, References 4

Tenable Nessus
added 2025/09/05 12:0 a.m., 2 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-088 (ALASKERNEL-5.15-2025-088)

The version of kernel installed on the remote host is prior to 5.15.189-131.211. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-088 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new...

CVSS 7.8, AI score 6.8, EPSS 0.00079, Exploits 1, References 16

Tenable Nessus
added 2025/09/05 12:0 a.m., 3 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-103 (ALASKERNEL-5.10-2025-103)

The version of kernel installed on the remote host is prior to 5.10.240-238.966. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-103 advisory. In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new...

CVSS 7.8, AI score 6.4, EPSS 0.00119, Exploits 0, References 16