Important: libcap

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

Important: amazon-cloudwatch-agent

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Medium: pam

Issue Overview: A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. CVE-2025-8941 Affected...

Important: gimp

Issue Overview: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a...

Important: tomcat9

Issue Overview: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could...

Important: git-lfs

Issue Overview: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symboli...

Important: kernel-livepatch-6.12.46-66.121

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees CVE-2025-39923 In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-3995...

Important: kernel-livepatch-6.12.48-67.114

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-39955 Affected Packages: kernel-livepatch-6.12.48-67.114 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr CVE-2022-50516 In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr CVE-2022-50516 In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory CVE-2023-53626 Affected...

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: runfinch-finch

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: rclone

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: containerd

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: runc

Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to b...

Important: nerdctl

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: kernel-livepatch-6.1.148-173.267

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bhread helper CVE-2025-39691 In...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 Affected Packages: kernel Issue Correction: Run dnf update kernel --releasever 2023.9.20251110 or dnf update --advisory...

Important: nerdctl

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Low: curl

Issue Overview: Out of bounds read for cookie path NOTE: https://curl.se/docs/CVE-2025-9086.html NOTE: Introduced with: https://github.com/curl/curl/commit/f24dc09d209a2f91ca38d854f0c15ad93f3d7e2d curl-7310 NOTE: Fixed by: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd377113...

Medium: wireshark

Issue Overview: Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file CVE-2025-5601 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.9.20251110 or dnf update --advisory...

Medium: libssh

Issue Overview: NULL Pointer Dereference vulnerability in the session ID calculation logic of the libssh library. The flaw arises from improper handling of allocation errors during cryptographic operations in the key exchange KEX phase. If a memory allocation fails, the resulting NULL pointer may...

Important: kernel-livepatch-6.1.153-175.280

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-39955 Affected Packages: kernel-livepatch-6.1.153-175.280 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.12.40-64.114

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees...

Medium: qt5-qt3d

Issue Overview: A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locall...

Medium: nerdctl

Issue Overview: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Affected Packages: nerdctl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extra...

Important: tigervnc

Issue Overview: A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potential...

Critical: lasso

Issue Overview: A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. CVE-2025-4640...

Low: lz4

Issue Overview: No CVE associated with this advisory Affected Packages: lz4 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update lz4 or yum update --advisory...

Low: firefox

Issue Overview: No CVE associated with this advisory Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1284 --releasever 2023.9.20251110 to update your system. More information on how to update your system can b...

Low: lz4

Issue Overview: No CVE associated with this advisory Affected Packages: lz4 Issue Correction: Run dnf update lz4 --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1266 --releasever 2023.9.20251110 to update your system. More information on how to update your system can be found ...

Important: kernel-livepatch-6.1.147-172.266

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bhread helper CVE-2025-39691 In...

Medium: pam

Issue Overview: A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. CVE-2025-8941 Affected...

Important: containerd

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: docker

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: soci-snapshotter

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: docker

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43272 A correctness issue was address...

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: xorg-x11-server-Xwayland

Issue Overview: A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potential...

Medium: nerdctl

Issue Overview: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Affected Packages: nerdctl Issue Correction: Run dnf update nerdctl --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1259 --releasever 2023.9.20251110 to...

Important: tomcat

Issue Overview: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could...

Low: thunderbird

Issue Overview: No CVE associated with this advisory Affected Packages: thunderbird Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update thunderbird or yum...

Important: docker

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

Important: runc

Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to b...

Important: runc

Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to b...