Medium: nerdctl

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Medium: vte291

Issue Overview: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476. CVE-2024-37535 Affected Packages: vte291 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

Medium: thunderbird

Issue Overview: A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above CVE-2023-6349 Affected Packages: thunderbird Note:...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev-serial CVE-2024-26900 In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUGON in control parser CVE-2024-35947 In the Linux kernel, the following...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attrallocatefra...

Important: rust

Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section f...

Low: indent

Issue Overview: A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash. CVE-2024-0911 Affected Packages: indent Issue Correction: Run dnf update indent --releasever 2023.3.202402...

Medium: kernel

Issue Overview: A flaw has been found in Xen. An unprivileged guest can cause Denial of Service DoS of the host by sending network packets to the backend, causing the backend to crash. CVE-2023-46838 A Null pointer dereference problem was found in idafree in lib/idr.c in the Linux Kernel. This...

Medium: nginx

Issue Overview: The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local...

Medium: kernel

Issue Overview: 2023-07-06: The severity level was changed from important to medium. A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without proper...

Important: openssl

Issue Overview: The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve...

Important: mariadb105

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

Low: wget

Issue Overview: No CVE associated with this advisory Affected Packages: wget Issue Correction: Run dnf update wget --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-012 --releasever 2023.0.20230322 to update your system. More information on how to update your system can be found...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 In...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcpsockbind function. This flaw allows a local user to crash or escalate their privileges on the system. CVE-2020-25670 A...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, the socket will be used after being released leading to denial of service DoS or a potential code execution. The highest threat from this vulnerability is to data...

Important: ca-certificates

Issue Overview: Update of ca-certificates to version 2018.2.22-65.1.24.amzn1 addresses the expiring IdentTrust DST Root CA X3, which affected some Let's Encrypt TLS certificates. The effect of the expiring certificate would be an inability of OpenSSL to validate impacted certificates issued by...

Important: nerdctl

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

Important: nerdctl

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files CVE-2025-39901 In the Linux kernel, the following vulnerability has been resolved: exfat: validate cluster allocation bits of the allocation bitmap CVE-2025-40307 In the...

Important: dnsmasq

Issue Overview: A Denial of Service DoS vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. CVE-2026-4890 A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause...

Important: python-pillow

Issue Overview: Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0. CVE-2026-42308 Pillow is...

Medium: libsoup

Issue Overview: OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection,...

Important: python-twisted

Issue Overview: The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasse...

Important: kernel-livepatch-6.1.170-213.321

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.170-213.321 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.1.168-203.330

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.1.168-203.330 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: mod_http2

Issue Overview: Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-23918 Affected Packages: modhttp2 Issue Correction: Run dnf...

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: kernel-livepatch-5.10.253-252.1015

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-5.10.253-252.1015 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: nerdctl

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Important: kernel-livepatch-6.18.25-52.107

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.18.25-52.107 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.18.16-18.222

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.18.16-18.222 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-5.10.253-252.1016

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-5.10.253-252.1016 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Medium: ImageMagick

Issue Overview: Stack buffer overflow in XTileImage CVE-2026-42050 Affected Packages: ImageMagick Issue Correction: Run dnf update ImageMagick --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1704 --releasever 2023.11.20260514 to update your system. More information on how to...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel6.12 Issue Correction: Run dnf update kernel6.12 --releasever 2023.11.20260514 or dnf update --advisory...

Low: aws-cfn-bootstrap

Issue Overview: No CVE associated with this advisory Affected Packages: aws-cfn-bootstrap Issue Correction: Run dnf update aws-cfn-bootstrap --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1662 --releasever 2023.11.20260514 to update your system. More information on how to...

Medium: perl-Text-CSV_XS

Issue Overview: CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. CVE-2026-7111 Affected Packages: perl-Text-CSVXS Issue Correction: Run dnf update perl-Text-CSVXS --releasever...

Important: python-pip

Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...

Medium: nss

Issue Overview: Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150,...

Important: thunderbird

Issue Overview: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. CVE-2026-7321 Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and...

Important: docker

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Important: kernel-livepatch-6.12.80-106.156

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Important: kernel-livepatch-6.12.68-92.122

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Important: kernel-livepatch-6.1.168-203.330

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Important: kernel-livepatch-6.1.164-196.303

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages: kerne...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 In the Linux kernel, the...