Msrc Azl3 Tensorflow 2.16.1-9 On Azure Linux 3.0 vulnerabilities

148 known vulnerabilities affecting msrc/azl3_tensorflow_2.16.1-9_on_azure_linux_3.0.

Total CVEs: 148
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 60, MEDIUM 71, LOW 7

Vulnerabilities

CVE-2025-66418 HIGH CVSS 8.9 2025-12-09
CVE-2025-66418 [HIGH] CWE-770 urllib3 allows an unbounded number of links in the decompression chain. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-66293 HIGH CVSS 7.1 2025-12-09
CVE-2025-66293 [HIGH] CWE-125 LIBPNG has an out-of-bounds read in png_image_read_composite. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-66471 HIGH CVSS 8.9 2025-12-09
CVE-2025-66471 [HIGH] CWE-409 urllib3 Streaming API improperly handles highly compressed data. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-34297 HIGH CVSS 8.6 2025-12-09
CVE-2025-34297 [HIGH] CWE-190 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc. Mariner: Mariner; VulnCheck: VulnCheck; Customer Action Required: Yes
msrc
CVE-2025-13837 MEDIUM CVSS 5.5 2025-12-09
CVE-2025-13837 [LOW] CWE-400 Out-of-memory when loading Plist. Mariner: Mariner; PSF: PSF; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-61727 MEDIUM CVSS 6.5 2025-12-09
CVE-2025-61727 [MEDIUM] Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. Mariner: Mariner; Go: Go; Customer Action Required: Yes
msrc
CVE-2025-12084 MEDIUM CVSS 5.3 2025-12-09
CVE-2025-12084 [MEDIUM] CWE-407 Quadratic complexity in node ID cache clearing. Mariner: Mariner; PSF: PSF; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-13836 MEDIUM CVSS 6.3 2025-12-09
CVE-2025-13836 [MEDIUM] CWE-400 Excessive read buffering DoS in http.client. Mariner: Mariner; PSF: PSF; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-64720 HIGH CVSS 7.1 2025-11-11
CVE-2025-64720 [HIGH] CWE-125 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-65018 HIGH CVSS 7.1 2025-11-11
CVE-2025-65018 [HIGH] CWE-787 LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-64505 MEDIUM CVSS 6.1 2025-11-11
CVE-2025-64505 [MEDIUM] CWE-125 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-64506 MEDIUM CVSS 6.1 2025-11-11
CVE-2025-64506 [MEDIUM] CWE-125 LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-66221 MEDIUM CVSS 6.3 2025-11-11
CVE-2025-66221 [MEDIUM] CWE-67 Werkzeug safe_join() allows Windows special device names. Mariner: Mariner; GitHub_M: GitHub_M; Customer Action Required: Yes
msrc
CVE-2025-10966 MEDIUM CVSS 6.8 2025-11-11
CVE-2025-10966 [MEDIUM] Missing SFTP host verification with wolfSSH. Mariner: Mariner; curl: curl; Customer Action Required: Yes; Remediation: CBL-Mariner Releases; Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-47912 HIGH CVSS 7.7 2025-10-14
CVE-2025-47912 [MEDIUM] Insufficient validation of bracketed IPv6 hostnames in net/url. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with
msrc
CVE-2025-58189 HIGH CVSS 7.5 2025-10-14
CVE-2025-58189 [MEDIUM] ALPN negotiation error contains attacker controlled information in crypto/tls. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of
msrc
CVE-2025-58185 HIGH CVSS 7.5 2025-10-14
CVE-2025-58185 [MEDIUM] Parsing DER payload can cause memory exhaustion in encoding/asn1. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries
msrc
CVE-2025-61723 HIGH CVSS 7.5 2025-10-14
CVE-2025-61723 [HIGH] Quadratic complexity when parsing some invalid inputs in encoding/pem. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li
msrc
CVE-2025-8291 MEDIUM CVSS 4.3 2025-10-14
CVE-2025-8291 [MEDIUM] ZIP64 End of Central Directory (EOCD) Locator record offset not checked. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour
msrc
CVE-2025-61725 MEDIUM CVSS 6.5 2025-10-14
CVE-2025-61725 [HIGH] Excessive CPU consumption in ParseAddress in net/mail. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is
msrc