ALAS2023-2025-1092

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1092
Advisory Released Date: 2025-08-08
Advisory Updated Date: 2025-08-08
Severity: Medium
Issue Overview:

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. (CVE-2025-53605)


Affected Packages:

rust


Issue Correction:
Run dnf update rust --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1092 --releasever 2023.8.20250808 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    rust-debuginfo-1.88.0-1.amzn2023.0.2.aarch64
    cargo-debuginfo-1.88.0-1.amzn2023.0.2.aarch64
    cargo-1.88.0-1.amzn2023.0.2.aarch64
    clippy-debuginfo-1.88.0-1.amzn2023.0.2.aarch64
    clippy-1.88.0-1.amzn2023.0.2.aarch64
    rust-analyzer-debuginfo-1.88.0-1.amzn2023.0.2.aarch64
    rustfmt-debuginfo-1.88.0-1.amzn2023.0.2.aarch64
    rustfmt-1.88.0-1.amzn2023.0.2.aarch64
    rust-1.88.0-1.amzn2023.0.2.aarch64
    rust-analyzer-1.88.0-1.amzn2023.0.2.aarch64
    rust-std-static-1.88.0-1.amzn2023.0.2.aarch64
    rust-debugsource-1.88.0-1.amzn2023.0.2.aarch64
    rust-doc-1.88.0-1.amzn2023.0.2.aarch64

noarch:
    rust-debugger-common-1.88.0-1.amzn2023.0.2.noarch
    rust-std-static-wasm32-unknown-unknown-1.88.0-1.amzn2023.0.2.noarch
    rust-std-static-wasm32-wasip1-1.88.0-1.amzn2023.0.2.noarch
    rust-toolset-srpm-macros-1.88.0-1.amzn2023.0.2.noarch
    rust-gdb-1.88.0-1.amzn2023.0.2.noarch
    rust-lldb-1.88.0-1.amzn2023.0.2.noarch
    rust-toolset-1.88.0-1.amzn2023.0.2.noarch
    rust-src-1.88.0-1.amzn2023.0.2.noarch

src:
    rust-1.88.0-1.amzn2023.0.2.src

x86_64:
    rust-debuginfo-1.88.0-1.amzn2023.0.2.x86_64
    clippy-debuginfo-1.88.0-1.amzn2023.0.2.x86_64
    rust-analyzer-1.88.0-1.amzn2023.0.2.x86_64
    rust-std-static-1.88.0-1.amzn2023.0.2.x86_64
    rust-analyzer-debuginfo-1.88.0-1.amzn2023.0.2.x86_64
    cargo-1.88.0-1.amzn2023.0.2.x86_64
    cargo-debuginfo-1.88.0-1.amzn2023.0.2.x86_64
    rustfmt-debuginfo-1.88.0-1.amzn2023.0.2.x86_64
    clippy-1.88.0-1.amzn2023.0.2.x86_64
    rustfmt-1.88.0-1.amzn2023.0.2.x86_64
    rust-1.88.0-1.amzn2023.0.2.x86_64
    rust-debugsource-1.88.0-1.amzn2023.0.2.x86_64
    rust-doc-1.88.0-1.amzn2023.0.2.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-53605

Mitre: CVE-2025-53605