Amazon Linux 2023 Security Advisory: ALAS2023-2026-1656
Advisory Released Date: 2026-05-14
Advisory Updated Date: 2026-05-14
Severity:
Medium
Issue Overview:
As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord() (CVE-2026-4367)
Affected Packages:
libXpm
Issue Correction:
Run dnf update libXpm --releasever 2023.11.20260511 or dnf update --advisory ALAS2023-2026-1656 --releasever 2023.11.20260511 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libXpm-devel-debuginfo-3.5.17-3.amzn2023.0.2.aarch64
libXpm-debugsource-3.5.17-3.amzn2023.0.2.aarch64
libXpm-debuginfo-3.5.17-3.amzn2023.0.2.aarch64
libXpm-3.5.17-3.amzn2023.0.2.aarch64
libXpm-devel-3.5.17-3.amzn2023.0.2.aarch64
src:
libXpm-3.5.17-3.amzn2023.0.2.src
x86_64:
libXpm-debuginfo-3.5.17-3.amzn2023.0.2.x86_64
libXpm-debugsource-3.5.17-3.amzn2023.0.2.x86_64
libXpm-devel-debuginfo-3.5.17-3.amzn2023.0.2.x86_64
libXpm-3.5.17-3.amzn2023.0.2.x86_64
libXpm-devel-3.5.17-3.amzn2023.0.2.x86_64