Amazon Linux 2023 Security Advisory: ALAS2023-2026-1508
Advisory Released Date: 2026-04-01
Advisory Updated Date: 2026-04-01
Severity:
Important
Issue Overview:
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. (CVE-2026-23868)
Affected Packages:
giflib
Issue Correction:
Run dnf update giflib --releasever 2023.10.20260330 or dnf update --advisory ALAS2023-2026-1508 --releasever 2023.10.20260330 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
giflib-devel-5.2.1-9.amzn2023.0.3.aarch64
giflib-debugsource-5.2.1-9.amzn2023.0.3.aarch64
giflib-debuginfo-5.2.1-9.amzn2023.0.3.aarch64
giflib-utils-debuginfo-5.2.1-9.amzn2023.0.3.aarch64
giflib-5.2.1-9.amzn2023.0.3.aarch64
giflib-utils-5.2.1-9.amzn2023.0.3.aarch64
src:
giflib-5.2.1-9.amzn2023.0.3.src
x86_64:
giflib-utils-5.2.1-9.amzn2023.0.3.x86_64
giflib-debugsource-5.2.1-9.amzn2023.0.3.x86_64
giflib-5.2.1-9.amzn2023.0.3.x86_64
giflib-debuginfo-5.2.1-9.amzn2023.0.3.x86_64
giflib-devel-5.2.1-9.amzn2023.0.3.x86_64
giflib-utils-debuginfo-5.2.1-9.amzn2023.0.3.x86_64