Amazon Linux 2023 Security Advisory: ALAS2023-2026-1395
Advisory Released Date: 2026-02-05
Advisory Updated Date: 2026-02-05
Severity:
Important
Issue Overview:
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. (CVE-2025-13151)
Affected Packages:
libtasn1
Issue Correction:
Run dnf update libtasn1 --releasever 2023.10.20260202 or dnf update --advisory ALAS2023-2026-1395 --releasever 2023.10.20260202 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libtasn1-debugsource-4.19.0-1.amzn2023.0.6.aarch64
libtasn1-devel-4.19.0-1.amzn2023.0.6.aarch64
libtasn1-4.19.0-1.amzn2023.0.6.aarch64
libtasn1-tools-4.19.0-1.amzn2023.0.6.aarch64
libtasn1-tools-debuginfo-4.19.0-1.amzn2023.0.6.aarch64
libtasn1-debuginfo-4.19.0-1.amzn2023.0.6.aarch64
src:
libtasn1-4.19.0-1.amzn2023.0.6.src
x86_64:
libtasn1-debugsource-4.19.0-1.amzn2023.0.6.x86_64
libtasn1-4.19.0-1.amzn2023.0.6.x86_64
libtasn1-debuginfo-4.19.0-1.amzn2023.0.6.x86_64
libtasn1-tools-4.19.0-1.amzn2023.0.6.x86_64
libtasn1-tools-debuginfo-4.19.0-1.amzn2023.0.6.x86_64
libtasn1-devel-4.19.0-1.amzn2023.0.6.x86_64