Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1381)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1381 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2 : libsoup, --advisory ALAS2-2026-3142 (ALAS-2026-3142)

The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3142 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-sid...

Amazon Linux 2023 : python3-pyasn1, python3-pyasn1-modules (ALAS2023-2026-1417)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1417 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. Th...

Amazon Linux 2 : libxml2, --advisory ALAS2-2026-3144 (ALAS-2026-3144)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3144 advisory. A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the...

Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2026-1389)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1389 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3161 (ALAS-2026-3161)

The version of kernel installed on the remote host is prior to 4.14.355-280.713. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3161 advisory. In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: prevent perpetual headroom grow...

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3147 (ALAS-2026-3147)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3147 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire respon...

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1416)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1416 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire...

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1413)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1413 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire...

Amazon Linux 2023 : unzip (ALAS2023-2026-1422)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1422 advisory. Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a better zip bomb issue. CVE-2019-13232 Tenable has extracted the...

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1394)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1394 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, ...

Medium: golist

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: soci-snapshotter

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: libcap

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: golist

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu CVE-2025-40075 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this...

Important: kernel-livepatch-6.1.158-180.294

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields CVE-2025-40254 Affected Packages: kernel-livepatch-6.1.158-180.294 Issue Correction: Please ensure you have live patching enabled. Run dnf upda...

Important: libsoup

Issue Overview: A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps CVE-2025-40170 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections CVE-2025-68206 In the Linux kernel...

Important: python3-urllib3

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...