ALAS2023-2025-1035

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1035
Advisory Released Date: 2025-06-23
Advisory Updated Date: 2025-06-23

Severity: Important

References: CVE-2025-40914
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.

CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328. (CVE-2025-40914)

Affected Packages:

perl-CryptX

Issue Correction:
Run dnf update perl-CryptX --releasever 2023.7.20250623 to update your system.

New Packages:

aarch64:
    perl-CryptX-debuginfo-0.080-1.amzn2023.0.1.aarch64
    perl-CryptX-debugsource-0.080-1.amzn2023.0.1.aarch64
    perl-CryptX-0.080-1.amzn2023.0.1.aarch64

noarch:
    perl-CryptX-tests-0.080-1.amzn2023.0.1.noarch

src:
    perl-CryptX-0.080-1.amzn2023.0.1.src

x86_64:
    perl-CryptX-debuginfo-0.080-1.amzn2023.0.1.x86_64
    perl-CryptX-debugsource-0.080-1.amzn2023.0.1.x86_64
    perl-CryptX-0.080-1.amzn2023.0.1.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-40914

Mitre: CVE-2025-40914