9334 matches found
Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1643)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1643 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot...
Amazon Linux 2023 : dnsmasq, dnsmasq-utils (ALAS2023-2026-1516)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1516 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc. The descriptive text and package checks...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2026-1677)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1677 advisory. RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVE-2026-5405 Tenable has extracted the preceding description block...
Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1670)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1670 advisory. Use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST in libpng before 1.6.57. Passing a pointer returned by the corresponding getter back into the setter causes the setter to read from a stale point...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1665)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1665 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1676)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1676 advisory. Double-Free / Use-After-Free (UAF) in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::drop_in_place skips setting the length to zero. CVE-2026-6654 Tenable has extract...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1699)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1699 advisory. When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Tenable has extracted the preceding description block...
Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2026-1703)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1703 advisory. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other...
Amazon Linux 2023 : firefox (ALAS2023-2026-1706)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1706 advisory. libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Tenable has extracted the preceding description block directly from the test...
Amazon Linux 2023 : perl-Text-CSV_XS (ALAS2023-2026-1697)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1697 advisory. CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. CVE-2026-7111 Tenable has extract...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1710)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1710 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskb_copy CVE-2026-46300 Tenable has extracted the preceding description block...
Amazon Linux 2023 : socat (ALAS2023-2026-1701)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1701 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were intentionally deferr...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1708)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1708 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskb_copy CVE-2026-46300 Tenable has extracted the preceding description block...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1709)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1709 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskb_copy CVE-2026-46300 Tenable has extracted the preceding description block...
Amazon Linux 2023 : ruby3.4, ruby3.4-bundled-gems, ruby3.4-default-gems (ALAS2023-2026-1690)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1690 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an @_init instance variable guard in ERB#result and ERB#run to prevent code execution when an ERB...
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1704)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1704 advisory. Stack buffer overflow in XTileImage CVE-2026-42050 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this iss...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3307 (ALAS-2026-3307)
The version of kernel installed on the remote host is prior to 4.14.355-282.729. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3307 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through...
Amazon Linux 2023 : cuda-toolkit (ALAS2023NVIDIA-2026-278)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-278 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskb_copy CVE-2026-46300 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amaz...