Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2025-10158: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
3.1.2-11.amzn2.0.63.1.2-11.amzn2.0.6