ALAS2023-2026-1417

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1417
Advisory Released Date: 2026-02-05
Advisory Updated Date: 2026-02-05

Severity: Important

References: CVE-2026-23490
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. (CVE-2026-23490)

Affected Packages:

python-pyasn1

Issue Correction:
Run dnf update python-pyasn1 --releasever 2023.10.20260202 or dnf update --advisory ALAS2023-2026-1417 --releasever 2023.10.20260202 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

noarch:
    python3-pyasn1-0.4.8-4.amzn2023.0.3.noarch
    python-pyasn1-doc-0.4.8-4.amzn2023.0.3.noarch
    python3-pyasn1-modules-0.4.8-4.amzn2023.0.3.noarch

src:
    python-pyasn1-0.4.8-4.amzn2023.0.3.src

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2026-23490

Mitre: CVE-2026-23490