ALAS2-2025-3039

Amazon Linux 2 Security Advisory: ALAS2-2025-3039
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27

Severity: Low

References: CVE-2025-8961
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. (CVE-2025-8961)

Affected Packages:

compat-libtiff3

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update compat-libtiff3 or yum update --advisory ALAS2-2025-3039 to update your system.

New Packages:

aarch64:
    compat-libtiff3-3.9.4-12.amzn2.0.7.aarch64
    compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.7.aarch64

i686:
    compat-libtiff3-3.9.4-12.amzn2.0.7.i686
    compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.7.i686

src:
    compat-libtiff3-3.9.4-12.amzn2.0.7.src

x86_64:
    compat-libtiff3-3.9.4-12.amzn2.0.7.x86_64
    compat-libtiff3-debuginfo-3.9.4-12.amzn2.0.7.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-8961

Mitre: CVE-2025-8961