Amazon Linux 2023 Security Advisory: ALAS2023-2026-1517
Advisory Released Date: 2026-04-01
Advisory Updated Date: 2026-04-01
Severity:
Important
Issue Overview:
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.
The heap overflow occurs when class names exceed the initial 512-byte allocation.
The base64 decoder could read past the buffer end on trailing newlines.
strtok mutated n->type_id in place, corrupting shared node data.
A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return. (CVE-2026-4177)
Affected Packages:
perl-YAML-Syck
Issue Correction:
Run dnf update perl-YAML-Syck --releasever 2023.10.20260330 or dnf update --advisory ALAS2023-2026-1517 --releasever 2023.10.20260330 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
perl-YAML-Syck-debuginfo-1.37-1.amzn2023.0.1.aarch64
perl-YAML-Syck-debugsource-1.37-1.amzn2023.0.1.aarch64
perl-YAML-Syck-tests-1.37-1.amzn2023.0.1.aarch64
perl-YAML-Syck-1.37-1.amzn2023.0.1.aarch64
src:
perl-YAML-Syck-1.37-1.amzn2023.0.1.src
x86_64:
perl-YAML-Syck-debuginfo-1.37-1.amzn2023.0.1.x86_64
perl-YAML-Syck-1.37-1.amzn2023.0.1.x86_64
perl-YAML-Syck-tests-1.37-1.amzn2023.0.1.x86_64
perl-YAML-Syck-debugsource-1.37-1.amzn2023.0.1.x86_64