Amazon Linux 2023 Security Advisory: ALAS2023-2025-1119
Advisory Released Date: 2025-08-08
Advisory Updated Date: 2025-08-08
Severity:
Important
Issue Overview:
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. (CVE-2025-7424)
Affected Packages:
libxslt
Issue Correction:
Run dnf update libxslt --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1119 --releasever 2023.8.20250808 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libxslt-debuginfo-1.1.43-1.amzn2023.0.2.aarch64
libxslt-devel-1.1.43-1.amzn2023.0.2.aarch64
python3-libxslt-debuginfo-1.1.43-1.amzn2023.0.2.aarch64
libxslt-debugsource-1.1.43-1.amzn2023.0.2.aarch64
python3-libxslt-1.1.43-1.amzn2023.0.2.aarch64
libxslt-1.1.43-1.amzn2023.0.2.aarch64
src:
libxslt-1.1.43-1.amzn2023.0.2.src
x86_64:
python3-libxslt-debuginfo-1.1.43-1.amzn2023.0.2.x86_64
python3-libxslt-1.1.43-1.amzn2023.0.2.x86_64
libxslt-debugsource-1.1.43-1.amzn2023.0.2.x86_64
libxslt-debuginfo-1.1.43-1.amzn2023.0.2.x86_64
libxslt-1.1.43-1.amzn2023.0.2.x86_64
libxslt-devel-1.1.43-1.amzn2023.0.2.x86_64