ALAS2023-2025-1036

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1036
Advisory Released Date: 2025-06-23
Advisory Updated Date: 2025-06-23
Severity: Medium
Issue Overview:

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified (CVE-2025-40908)


Affected Packages:

perl-YAML-LibYAML


Issue Correction:
Run dnf update perl-YAML-LibYAML --releasever 2023.7.20250623 to update your system.

New Packages:
aarch64:
    perl-YAML-LibYAML-debugsource-0.82-4.amzn2023.0.3.aarch64
    perl-YAML-LibYAML-debuginfo-0.82-4.amzn2023.0.3.aarch64
    perl-YAML-LibYAML-0.82-4.amzn2023.0.3.aarch64

src:
    perl-YAML-LibYAML-0.82-4.amzn2023.0.3.src

x86_64:
    perl-YAML-LibYAML-debuginfo-0.82-4.amzn2023.0.3.x86_64
    perl-YAML-LibYAML-debugsource-0.82-4.amzn2023.0.3.x86_64
    perl-YAML-LibYAML-0.82-4.amzn2023.0.3.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-40908

Mitre: CVE-2025-40908