Msrc Cbl2 Cmake 3.21.4-18 On Cbl Mariner 2.0 vulnerabilities

12 known vulnerabilities affecting msrc/cbl2_cmake_3.21.4-18_on_cbl_mariner_2.0.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 3, LOW 5

Vulnerabilities

CVE-2025-59375 HIGH CVSS 7.5 2025-09-09
CVE-2025-59375 [HIGH] CWE-770 libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cu
msrc
CVE-2025-9086 MEDIUM CVSS 4.3 2025-09-09
CVE-2025-9086 [HIGH] Out of bounds read for cookie path
msrc
CVE-2025-9301 LOW CVSS 3.3 2025-08-12
CVE-2025-9301 [MEDIUM] CWE-617 cmake cmForEachCommand.cxx ReplayItems assertion
msrc
CVE-2025-5916 LOW CVSS 3.9 2025-06-10
CVE-2025-5916 [LOW] CWE-190 Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c
msrc
CVE-2025-5917 LOW CVSS 2.8 2025-06-10
CVE-2025-5917 [LOW] CWE-787 Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
msrc
CVE-2025-5918 LOW CVSS 3.9 2025-06-10
CVE-2025-5918 [LOW] CWE-125 Libarchive: reading past eof may be triggered for piped file streams
msrc
CVE-2024-48615 HIGH CVSS 7.5 2025-03-11
CVE-2024-48615 [HIGH] CWE-476 Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8.
msrc
CVE-2024-8176 HIGH CVSS 7.5 2025-03-11
CVE-2024-8176 [HIGH] CWE-674 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
msrc
CVE-2025-0725 HIGH CVSS 7.3 2025-02-11
CVE-2025-0725 [HIGH] CWE-120 gzip integer overflow
msrc
CVE-2024-57970 MEDIUM CVSS 4.0 2025-02-11
CVE-2024-57970 [MEDIUM] CWE-126 libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
msrc
CVE-2025-0167 LOW CVSS 3.4 2025-02-11
CVE-2025-0167 [LOW] netrc and default credential leak
msrc
CVE-2024-8096 MEDIUM CVSS 6.5 2024-09-10
CVE-2024-8096 [MEDIUM] CWE-295 OCSP stapling bypass with GnuTLS
msrc