Amazon Linux 2

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2020-1477 Related CVEs: CVE-2018-18751 Upstream summary: An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2020-1460 Related CVEs: CVE-2018-11439 Upstream summary: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. (CVE-2018-11439) […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1374 Related CVEs: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Upstream summary: There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1320 Related CVEs: CVE-2018-10689 Upstream summary: blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1324 Related CVEs: CVE-2017-15111 CVE-2017-15112 Upstream summary: It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1311 Related CVEs: CVE-2018-19208 Upstream summary: In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1173 Related CVEs: CVE-2015-9262 Upstream summary: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.(CVE-2015-9262) […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1158 Related CVEs: CVE-2018-1113 Upstream summary: Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1151 Related CVEs: CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 Upstream summary: A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2018-1076 Related CVEs: CVE-2018-1063 Upstream summary: Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary […]