Amazon Linux 2023 Security Advisory: ALAS2023-2025-1194
Advisory Released Date: 2025-09-29
Advisory Updated Date: 2025-09-29
Severity:
Medium
Issue Overview:
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. (CVE-2025-5278)
Affected Packages:
coreutils
Issue Correction:
Run dnf update coreutils --releasever 2023.9.20250929 or dnf update --advisory ALAS2023-2025-1194 --releasever 2023.9.20250929 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
coreutils-single-debuginfo-8.32-30.amzn2023.0.4.aarch64
coreutils-single-8.32-30.amzn2023.0.4.aarch64
coreutils-common-8.32-30.amzn2023.0.4.aarch64
coreutils-8.32-30.amzn2023.0.4.aarch64
coreutils-debugsource-8.32-30.amzn2023.0.4.aarch64
coreutils-debuginfo-8.32-30.amzn2023.0.4.aarch64
src:
coreutils-8.32-30.amzn2023.0.4.src
x86_64:
coreutils-single-debuginfo-8.32-30.amzn2023.0.4.x86_64
coreutils-single-8.32-30.amzn2023.0.4.x86_64
coreutils-debugsource-8.32-30.amzn2023.0.4.x86_64
coreutils-common-8.32-30.amzn2023.0.4.x86_64
coreutils-8.32-30.amzn2023.0.4.x86_64
coreutils-debuginfo-8.32-30.amzn2023.0.4.x86_64