Amazon Linux 2023 Security Advisory: ALAS2023-2025-1228
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27
Severity:
Medium
Issue Overview:
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. (CVE-2025-10911)
Affected Packages:
libxslt
Issue Correction:
Run dnf update libxslt --releasever 2023.9.20251027 or dnf update --advisory ALAS2023-2025-1228 --releasever 2023.9.20251027 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libxslt-debugsource-1.1.43-1.amzn2023.0.3.aarch64
libxslt-debuginfo-1.1.43-1.amzn2023.0.3.aarch64
libxslt-devel-1.1.43-1.amzn2023.0.3.aarch64
python3-libxslt-debuginfo-1.1.43-1.amzn2023.0.3.aarch64
python3-libxslt-1.1.43-1.amzn2023.0.3.aarch64
libxslt-1.1.43-1.amzn2023.0.3.aarch64
src:
libxslt-1.1.43-1.amzn2023.0.3.src
x86_64:
libxslt-debugsource-1.1.43-1.amzn2023.0.3.x86_64
python3-libxslt-debuginfo-1.1.43-1.amzn2023.0.3.x86_64
libxslt-debuginfo-1.1.43-1.amzn2023.0.3.x86_64
libxslt-devel-1.1.43-1.amzn2023.0.3.x86_64
python3-libxslt-1.1.43-1.amzn2023.0.3.x86_64
libxslt-1.1.43-1.amzn2023.0.3.x86_64