ALAS2023-2025-905

Amazon Linux 2023 Security Advisory: ALAS2023-2025-905
Advisory Released Date: 2025-03-26
Advisory Updated Date: 2025-03-26

Severity: Medium

References: CVE-2023-40403
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. (CVE-2023-40403)

Affected Packages:

libxslt

Issue Correction:
Run dnf update libxslt --releasever 2023.6.20250317 to update your system.

New Packages:

aarch64:
    libxslt-debugsource-1.1.42-3.amzn2023.aarch64
    libxslt-debuginfo-1.1.42-3.amzn2023.aarch64
    python3-libxslt-debuginfo-1.1.42-3.amzn2023.aarch64
    libxslt-devel-1.1.42-3.amzn2023.aarch64
    python3-libxslt-1.1.42-3.amzn2023.aarch64
    libxslt-1.1.42-3.amzn2023.aarch64

src:
    libxslt-1.1.42-3.amzn2023.src

x86_64:
    libxslt-debugsource-1.1.42-3.amzn2023.x86_64
    libxslt-debuginfo-1.1.42-3.amzn2023.x86_64
    python3-libxslt-debuginfo-1.1.42-3.amzn2023.x86_64
    libxslt-1.1.42-3.amzn2023.x86_64
    libxslt-devel-1.1.42-3.amzn2023.x86_64
    python3-libxslt-1.1.42-3.amzn2023.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2023-40403

Mitre: CVE-2023-40403