Amazon Linux 2 Security Advisory: ALAS2-2025-2966
Advisory Released Date: 2025-08-19
Advisory Updated Date: 2025-08-19
Severity:
Important
Issue Overview:
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. (CVE-2025-7424)
Affected Packages:
libxslt
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libxslt or yum update --advisory ALAS2-2025-2966 to update your system.
New Packages:
aarch64:
libxslt-1.1.28-6.amzn2.0.5.aarch64
libxslt-devel-1.1.28-6.amzn2.0.5.aarch64
libxslt-python-1.1.28-6.amzn2.0.5.aarch64
libxslt-debuginfo-1.1.28-6.amzn2.0.5.aarch64
i686:
libxslt-1.1.28-6.amzn2.0.5.i686
libxslt-devel-1.1.28-6.amzn2.0.5.i686
libxslt-python-1.1.28-6.amzn2.0.5.i686
libxslt-debuginfo-1.1.28-6.amzn2.0.5.i686
src:
libxslt-1.1.28-6.amzn2.0.5.src
x86_64:
libxslt-1.1.28-6.amzn2.0.5.x86_64
libxslt-devel-1.1.28-6.amzn2.0.5.x86_64
libxslt-python-1.1.28-6.amzn2.0.5.x86_64
libxslt-debuginfo-1.1.28-6.amzn2.0.5.x86_64