ALAS2023-2025-1131


Amazon Linux 2023 Security Advisory: ALAS2023-2025-1131
Advisory Released Date: 2025-08-08
Advisory Updated Date: 2025-08-08
Severity: Medium

Issue Overview:

This vulnerability can lead to a Denial of Service (DoS). It is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.

An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name.

This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. (CVE-2025-24294)
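
The missing control described above is a cap on the decompressed name's length. The following is an added example, not code from Ruby's resolv library or from the fixed packages: a name reader that enforces the 255-octet limit from RFC 1035 and only follows compression pointers that go backwards. The method name, error classes and sample message are assumptions made for illustration.

```ruby
# Added example: bounded DNS name decompression (RFC 1035, section 4.1.4).
# read_name_bounded, NameTooLong and BadPointer are hypothetical names.
MAX_NAME_OCTETS = 255 # RFC 1035 limit on the wire length of a name

class NameTooLong < StandardError; end
class BadPointer < StandardError; end

# Constructed sample message body: "example.com" at offset 0, then
# "www" + a pointer back to offset 0 at offset 13.
SAMPLE_MSG = "\x07example\x03com\x00\x03www\xC0\x00".b

# Decode the name that starts at `offset` in the binary string `msg`.
# Returns an array of labels; raises instead of doing unbounded work.
def read_name_bounded(msg, offset)
  labels = []
  total = 1        # the terminating root byte counts toward the limit
  limit = offset   # every pointer must target strictly earlier data
  loop do
    len = msg.getbyte(offset) or raise BadPointer, "truncated message"
    if (len & 0xC0) == 0xC0
      # Compression pointer: 14-bit offset into the message.
      low = msg.getbyte(offset + 1) or raise BadPointer, "truncated pointer"
      target = ((len & 0x3F) << 8) | low
      # Strictly decreasing targets rule out loops and bound the hop count.
      raise BadPointer, "pointer does not go backwards" unless target < limit
      limit = target
      offset = target
    elsif (len & 0xC0) != 0
      raise BadPointer, "reserved label type"
    elsif len.zero?
      return labels
    else
      # Enforce the cap before copying the label, so an oversized name
      # is rejected as soon as it crosses the limit.
      total += len + 1
      if total > MAX_NAME_OCTETS
        raise NameTooLong, "name exceeds #{MAX_NAME_OCTETS} octets"
      end
      label = msg.byteslice(offset + 1, len)
      raise BadPointer, "truncated label" if label.nil? || label.bytesize < len
      labels << label
      offset += len + 1
    end
  end
end
```

Applications that cannot update immediately can still treat NameTooLong and BadPointer style failures as a signal worth logging, since well-formed DNS responses never trigger them.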


Affected Packages:

ruby3.2


Issue Correction:
Run dnf update ruby3.2 --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1131 --releasever 2023.8.20250808 to update your system.
More information on how to update your system can be found in the Amazon Linux 2023 documentation.

New Packages:
aarch64:
    ruby3.2-rubygem-io-console-debuginfo-0.6.0-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-psych-debuginfo-5.0.1-184.amzn2023.0.3.aarch64
    ruby3.2-devel-3.2.8-184.amzn2023.0.3.aarch64
    ruby3.2-bundled-gems-3.2.8-184.amzn2023.0.3.aarch64
    ruby3.2-debugsource-3.2.8-184.amzn2023.0.3.aarch64
    ruby3.2-bundled-gems-debuginfo-3.2.8-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-psych-5.0.1-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-rbs-debuginfo-2.8.2-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-json-2.6.3-184.amzn2023.0.3.aarch64
    ruby3.2-debuginfo-3.2.8-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-json-debuginfo-2.6.3-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-184.amzn2023.0.3.aarch64
    ruby3.2-libs-debuginfo-3.2.8-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-bigdecimal-3.1.3-184.amzn2023.0.3.aarch64
    ruby3.2-3.2.8-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-io-console-0.6.0-184.amzn2023.0.3.aarch64
    ruby3.2-rubygem-rbs-2.8.2-184.amzn2023.0.3.aarch64
    ruby3.2-libs-3.2.8-184.amzn2023.0.3.aarch64

noarch:
    ruby3.2-rubygem-minitest-5.25.1-184.amzn2023.0.3.noarch
    ruby3.2-rubygems-3.4.19-184.amzn2023.0.3.noarch
    ruby3.2-rubygems-devel-3.4.19-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-power_assert-2.0.3-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-rake-13.0.6-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-irb-1.6.2-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-test-unit-3.5.7-184.amzn2023.0.3.noarch
    ruby3.2-default-gems-3.2.8-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-rexml-3.3.9-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-rdoc-6.5.1.1-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-typeprof-0.21.3-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-rss-0.3.1-184.amzn2023.0.3.noarch
    ruby3.2-rubygem-bundler-2.4.19-184.amzn2023.0.3.noarch
    ruby3.2-doc-3.2.8-184.amzn2023.0.3.noarch

src:
    ruby3.2-3.2.8-184.amzn2023.0.3.src

x86_64:
    ruby3.2-rubygem-bigdecimal-debuginfo-3.1.3-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-psych-debuginfo-5.0.1-184.amzn2023.0.3.x86_64
    ruby3.2-devel-3.2.8-184.amzn2023.0.3.x86_64
    ruby3.2-3.2.8-184.amzn2023.0.3.x86_64
    ruby3.2-debugsource-3.2.8-184.amzn2023.0.3.x86_64
    ruby3.2-libs-debuginfo-3.2.8-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-psych-5.0.1-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-io-console-0.6.0-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-rbs-2.8.2-184.amzn2023.0.3.x86_64
    ruby3.2-bundled-gems-debuginfo-3.2.8-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-json-debuginfo-2.6.3-184.amzn2023.0.3.x86_64
    ruby3.2-debuginfo-3.2.8-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-io-console-debuginfo-0.6.0-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-json-2.6.3-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-rbs-debuginfo-2.8.2-184.amzn2023.0.3.x86_64
    ruby3.2-bundled-gems-3.2.8-184.amzn2023.0.3.x86_64
    ruby3.2-rubygem-bigdecimal-3.1.3-184.amzn2023.0.3.x86_64
    ruby3.2-libs-3.2.8-184.amzn2023.0.3.x86_64