Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 In the Linux kernel, the...

Important: kernel-livepatch-6.12.74-98.124

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands as an administrator user: echo...

Important: python3.14

Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...

Medium: libvncserver

Issue Overview: LibVNCServer versions 0.9.15 and prior fixed in commit 009008e contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking i...

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

Important: corosync

Issue Overview: A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a...

Medium: gvfs

Issue Overview: A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint,...

Important: kernel-livepatch-5.10.245-245.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup CVE-2025-68192 Affected Packages: kernel-livepatch-5.10.245-245.983 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler CVE-2025-38119 In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 In the Linux...

Medium: containerd

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: firefox

Issue Overview: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construc...

Important: gnupg2

Issue Overview: In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. CVE-2026-24882 Affected Packages: gnupg2 Issue Correction: Run dnf update gnupg2 --releasever 2023.10.20260216 or dnf update...

Important: gnupg2

Issue Overview: In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later are fixed versions. CVE-2025-68973 Affected Packages: gnupg2 Issue Correction: Ru...

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Important: ansible

Issue Overview: A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these...

Medium: soci-snapshotter

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: audiofile

Issue Overview: Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. CVE-2025-50950 Affected Packages: audiofile Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Cor...

Important: tomcat9

Issue Overview: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could...

Medium: python-pip

Issue Overview: When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by usin...

Medium: libtiff

Issue Overview: Multiple potential integer overflow in tiffcp.c in libtiff = 4.5.1 can allow remote attackers to cause a denial of service application crash or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow. CVE-2023-40745 libtiff up to...

Important: gimp

Issue Overview: A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process. CVE-2023-44442...

Important: tomcat10

Issue Overview: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or...

Medium: libblockdev

Issue Overview: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Affected Packages: libblockdev Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run...

Important: containerd

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Medium: tomcat9

Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...

Important: kernel-livepatch-6.1.134-150.224

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvmetcprecvpdu CVE-2025-21927 Affected Packages: kernel-livepatch-6.1.134-150.224 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: cri-tools

Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 The net/http package accepted data in the chunked transfer encoding...

Important: tomcat10

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio CVE-2022-49413 In the Linux...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfsdecref properly CVE-2024-46753 In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 In the Linux kernel,...

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

Medium: nerdctl

Issue Overview: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero CVE-2024-26982 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth CVE-2024-53166 In the...

Medium: python-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Medium: python3.11-pip

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Medium: rust

Issue Overview: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost. CVE-2023-53159 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

Medium: iniparser

Issue Overview: Heap-based Buffer Overflow vulnerability in iniparserdumpsectionini in iniparser allows attacker to read out of bound memory CVE-2025-0633 Affected Packages: iniparser Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the differenc...

Important: thunderbird

Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 The parent process would not properly check whether the Speech Synthesis feature is...

Medium: python-pillow

Issue Overview: Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library PIL 1.1.7 and earlier allows remote attackers to cause a denial of service crash via a crafted PhotoCD file. CVE-2016-2533 Affected Packages: python-pillow Note: This...

Medium: binutils

Issue Overview: https://www.gnu.org/software/binutils/ nm =2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: nm --without-symbol-version function. CVE-2024-57360 A vulnerability, which was classified as problematic, was found in GNU Binutils up t...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth CVE-2024-53166 In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts CVE-2024-57981 In the...

Important: emacs

Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Note: Th...

Important: amazon-cloudwatch-agent

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

Medium: expat

Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...

Low: gsl

Issue Overview: GSL GNU Scientific Library through 2.8 has an integer signedness error in gslsimansolvemany in siman/siman.c. When params.ntries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Issue Correction: Run dnf update gsl --releasever 2023.6.20250218...

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called...

Medium: haproxy

Issue Overview: Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain...