Amazon Linux 2 Security Advisory: ALAS2-2025-2942
Advisory Released Date: 2025-07-30
Advisory Updated Date: 2025-07-30
Severity:
Medium
Issue Overview:
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. (CVE-2024-2467)
Affected Packages:
perl-Crypt-OpenSSL-RSA
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update perl-Crypt-OpenSSL-RSA to update your system.
New Packages:
aarch64:
perl-Crypt-OpenSSL-RSA-0.28-7.amzn2.0.3.aarch64
perl-Crypt-OpenSSL-RSA-debuginfo-0.28-7.amzn2.0.3.aarch64
i686:
perl-Crypt-OpenSSL-RSA-0.28-7.amzn2.0.3.i686
perl-Crypt-OpenSSL-RSA-debuginfo-0.28-7.amzn2.0.3.i686
src:
perl-Crypt-OpenSSL-RSA-0.28-7.amzn2.0.3.src
x86_64:
perl-Crypt-OpenSSL-RSA-0.28-7.amzn2.0.3.x86_64
perl-Crypt-OpenSSL-RSA-debuginfo-0.28-7.amzn2.0.3.x86_64