ALAS2DOCKER-2025-094

Amazon Linux 2 Security Advisory: ALAS2DOCKER-2025-094
Advisory Released Date: 2026-01-05
Advisory Updated Date: 2026-01-05

Severity: Medium

References: CVE-2025-61729
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. (CVE-2025-61729)

Affected Packages:

docker

Note:

This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update docker or yum update --advisory ALAS2DOCKER-2025-094 to update your system.

New Packages:

aarch64:
    docker-25.0.14-1.amzn2.0.1.aarch64
    docker-debuginfo-25.0.14-1.amzn2.0.1.aarch64

src:
    docker-25.0.14-1.amzn2.0.1.src

x86_64:
    docker-25.0.14-1.amzn2.0.1.x86_64
    docker-debuginfo-25.0.14-1.amzn2.0.1.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-61729

Mitre: CVE-2025-61729