
8699 matches found

Amazon | added 2025/09/29 12:0 a.m. | 2 views

Important: kernel-livepatch-5.10.239-236.958

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...

CVSS 7.8 | AI score 6.7 | EPSS 0.00066 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Low: libtiff

Issue Overview: A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The...

CVSS 2.5 | AI score 6.4 | EPSS 0.00044 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 5 views

Important: libsoup

Issue Overview: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). CVE-2025-32049 Affected Packages: libsoup Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 7.5 | AI score 6.7 | EPSS 0.00605 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Medium: iperf3

Issue Overview: In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow. CVE-2025-54349 In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. CVE-2025-54350 Affected...

CVSS 10 | AI score 7.3 | EPSS 0.00291 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 5 views

Medium: coreutils

Issue Overview: A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash ...

CVSS 4.4 | AI score 6.8 | EPSS 0.0014 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Important: thunderbird

Issue Overview: Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

CVSS 8.8 | AI score 7.5 | EPSS 0.00151 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 1 views

Medium: openjpeg2

Issue Overview: openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Affected Packages: openjpeg2 Issue Correction: Run dnf update openjpeg2 --releasever 2023.9.20250929 or dnf update --advisory ALAS2023-2025-1198 --releasever...

CVSS 6.5 | AI score 7.2 | EPSS 0.00309 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Important: kernel-livepatch-6.1.150-174.273

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affected Packages: kernel-livepatch-6.1.150-174.273 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.4 | EPSS 0.00027 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Medium: dcraw

Issue Overview: There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. CVE-2021-3624 Affected Packages: dcraw Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 9.3 | AI score 7.7 | EPSS 0.00241 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 7 views

Important: microcode_ctl

Issue Overview: Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE-2025-22839 Sequence of processor instructions leads to unexpected behavior for...

CVSS 7.9 | AI score 7.1 | EPSS 0.00099 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 4 views

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob, which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob,...

CVSS 9.8 | AI score 6.9 | EPSS 0.00073 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 2 views

Medium: openjpeg2

Issue Overview: openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Affected Packages: openjpeg2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core a...

CVSS 6.5 | AI score 7.4 | EPSS 0.00309 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 2 views

Important: firefox

Issue Overview: Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

CVSS 8.8 | AI score 7.5 | EPSS 0.00151 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 1 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmod...

CVSS 7.8 | AI score 6.3 | EPSS 0.00066 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 2 views

Important: kernel-livepatch-5.10.240-238.966

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...

CVSS 7.8 | AI score 6.7 | EPSS 0.00066 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Important: kernel-livepatch-6.1.141-167.250

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration CVE-2025-38248 In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing...

CVSS 7.8 | AI score 6.4 | EPSS 0.00051 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 1 views

Important: kernel-livepatch-6.1.141-165.249

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration CVE-2025-38248 In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing...

CVSS 7.8 | AI score 6.4 | EPSS 0.00051 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 4 views

Important: kernel-livepatch-6.1.147-172.266

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bhread helper CVE-2025-39691 In...

CVSS 7.8 | AI score 6.5 | EPSS 0.00029 | Exploits 0

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Medium: LibRaw

Issue Overview: There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. CVE-2021-3624 Affected Packages: LibRaw Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 9.3 | AI score 7.7 | EPSS 0.00241 | Exploits 1

Amazon | added 2025/09/29 12:0 a.m. | 3 views

Important: kernel-livepatch-6.12.37-61.105

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.37-61.105 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.4 | EPSS 0.00027 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 4 views

Important: udisks2

Issue Overview: A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the...

CVSS 8.5 | AI score 6.8 | EPSS 0.00034 | Exploits 1

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Medium: libtiff

Issue Overview: A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack...

CVSS 5.3 | AI score 7.1 | EPSS 0.00079 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 5 views

Important: microcode_ctl

Issue Overview: A potential security vulnerability in some Intel(R) Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...

CVSS 7.8 | AI score 7.3 | EPSS 0.00249 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 2 views

Important: thunderbird

Issue Overview: Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo: from 0.4.24 through 0.13.2. CVE-2025-6703 An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also...

CVSS 9.8 | AI score 7.3 | EPSS 0.00256 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 1 views

Important: firefox

Issue Overview: Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo: from 0.4.24 through 0.13.2. CVE-2025-6703 An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also...

CVSS 9.8 | AI score 7.4 | EPSS 0.00256 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups CVE-2021-46987 In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Fix another memory leak in error handling paths...

CVSS 7.8 | AI score 6.9 | EPSS 0.0007 | Exploits 1

Amazon | added 2025/09/16 12:0 a.m. | 1 views

Important: kernel-livepatch-5.10.237-230.949

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.237-230.949 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.6 | EPSS 0.00051 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 2 views

Medium: gstreamer1-plugins-base

Issue Overview: In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash. CVE-2025-47806 In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer whil...

CVSS 5.6 | AI score 7 | EPSS 0.00448 | Exploits 3

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Medium: mpg123

Issue Overview: An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to...

CVSS 6.7 | AI score 8 | EPSS 0.00064 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 2 views

Important: microcode_ctl

Issue Overview: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may all...

CVSS 7.2 | AI score 7.2 | EPSS 0.00092 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpifetchacpidev return value CVE-2022-50327 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifsdemultiplexthread CVE-2023-52572 In the Linux...

CVSS 7.8 | AI score 6.6 | EPSS 0.00119 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 2 views

Medium: gstreamer1-plugins-good

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. CVE-2024-47544 In GStreamer through 1.26.1, the isomp4 plugin's...

CVSS 8.1 | AI score 7 | EPSS 0.00444 | Exploits 2

Amazon | added 2025/09/16 12:0 a.m. | 4 views

Low: giflib

Issue Overview: A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file. CVE-2021-40633 Affected Packages: giflib Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 8.8 | AI score 6.9 | EPSS 0.0081 | Exploits 1

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix -anonvma race CVE-2023-52935 In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: reject invalid perturb period CVE-2025-38193 In the Linux kernel, the following...

CVSS 7.8 | AI score 6.5 | EPSS 0.0007 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 2 views

Important: kernel-livepatch-5.10.238-231.953

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.238-231.953 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.6 | EPSS 0.00051 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Important: kernel-livepatch-5.10.238-234.956

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.238-234.956 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.6 | EPSS 0.00051 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Medium: python-templated-dictionary

Issue Overview: The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2...

CVSS 9.8 | AI score 7.8 | EPSS 0.0067 | Exploits 1

Amazon | added 2025/09/16 12:0 a.m. | 4 views

Important: kernel-livepatch-5.10.239-236.958

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5 | AI score 6.6 | EPSS 0.00051 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Medium: redis

Issue Overview: TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod on the same path. CVE-2025-9810 Affected Packages: redis Note: This advisory is...

CVSS 6.8 | AI score 6.8 | EPSS 0.00015 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 5 views

Medium: pki-core

Issue Overview: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0. CVE-2025-1647 Affected Packages: pki-core Note: This advisory is applicable t...

CVSS 5.6 | AI score 6.1 | EPSS 0.00247 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Medium: edk2

Issue Overview: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2024-38805 Affected Packages: edk2 Note: This advisory is applicable to Amazon Linux ...

CVSS 6.3 | AI score 6.8 | EPSS 0.00152 | Exploits 0

Amazon | added 2025/09/16 12:0 a.m. | 3 views

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in...

CVSS 8.8 | AI score 8.2 | EPSS 0.01005 | Exploits 4

Amazon | added 2025/09/16 12:0 a.m. | 2 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpifetchacpidev return value CVE-2022-50327 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps CVE-2024-49861 In the Linux...

CVSS 7.8 | AI score 7.3 | EPSS 0.00121 | Exploits 1

Amazon | added 2025/09/15 12:0 a.m. | 2 views

Important: wireshark

Issue Overview: SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service CVE-2025-9817 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1175 --releasever 2023.8.20250915 to update your syste...

CVSS 7.8 | AI score 6.8 | EPSS 0.00031 | Exploits 1

Amazon | added 2025/09/15 12:0 a.m. | 2 views

Medium: glibc

Issue Overview: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffe...

CVSS 5.9 | AI score 7 | EPSS 0.00027 | Exploits 0

Amazon | added 2025/09/15 12:0 a.m. | 3 views

Important: microcode_ctl

Issue Overview: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may all...

CVSS 7.2 | AI score 7.1 | EPSS 0.00092 | Exploits 0

Amazon | added 2025/09/15 12:0 a.m. | 3 views

Medium: rust-cargo-c

Issue Overview: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be...

CVSS 2.3 | AI score 7 | EPSS 0.00112 | Exploits 0

Amazon | added 2025/09/15 12:0 a.m. | 4 views

Important: microcode_ctl

Issue Overview: A potential security vulnerability in some Intel(R) Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...

CVSS 7.8 | AI score 7.3 | EPSS 0.00249 | Exploits 0

Amazon | added 2025/09/15 12:0 a.m. | 3 views

Important: kernel-livepatch-6.12.31-35.92

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-6.12.31-35.92 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.4 | EPSS 0.00051 | Exploits 0

Amazon | added 2025/09/15 12:0 a.m. | 4 views

Important: kernel-livepatch-6.1.140-154.222

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-6.1.140-154.222 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5 | AI score 6.4 | EPSS 0.00051 | Exploits 0

Total number of security vulnerabilities: 8699