Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1393)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1393 advisory. A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an...

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1403)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1403 advisory. Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using th...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps CVE-2025-40170 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections CVE-2025-68206 In the Linux kernel...

Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3135 (ALAS-2026-3135)

The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3135 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary Z...

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3146 (ALAS-2026-3146)

The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3146 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...

Important: python3-urllib3

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1401)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1401 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2 : golang, --advisory ALAS2-2026-3136 (ALAS-2026-3136)

The version of golang installed on the remote host is prior to 1.24.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3136 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...

Important: libsoup

Issue Overview: A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu CVE-2025-40075 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this...

Medium: nerdctl

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Amazon Linux 2 : aws-nitro-enclaves-cli, --advisory ALAS2NITRO-ENCLAVES-2026-086 (ALASNITRO-ENCLAVES-2026-086)

The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.4.4-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2026-086 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3132 (ALAS-2026-3132)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3132 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to...

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1400)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1400 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-117 (ALASKERNEL-5.4-2026-117)

The version of kernel installed on the remote host is prior to 5.4.302-222.455. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2026-117 advisory. In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu CVE-2025-40075...

Amazon Linux 2 : rsync, --advisory ALAS2-2026-3157 (ALAS-2026-3157)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3157 advisory. A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2026-095 (ALASECS-2026-095)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-095 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service whe...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1374)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1374 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1390)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1390 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-rea...

Important: golang

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 cmd/go: bypass of flag sanitization ca...