ALAS2023-2026-1705


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1705
Advisory Released Date: 2026-05-15
Advisory Updated Date: 2026-05-25
Severity: Medium

Issue Overview:

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt. (CVE-2026-41989)


Affected Packages:

libgcrypt


Issue Correction:
Run one of the following commands to update your system:

    dnf update libgcrypt --releasever 2023.11.20260514
    dnf update --advisory ALAS2023-2026-1705 --releasever 2023.11.20260514
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
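
To confirm the update took effect, the added example below (not part of the advisory) compares an installed libgcrypt version-release against the fixed build listed under New Packages, 1.10.2-1.amzn2023.0.3, rather than against the upstream 1.12.2 named in the CVE text. It also lists processes that still map the replaced library file. The function names, the "check" argument and the use of sort -V in place of RPM's own comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): confirm ALAS2023-2026-1705 is applied.
# FIXED_VR is the version-release from the advisory's "New Packages" list.
FIXED_VR="1.10.2-1.amzn2023.0.3"

# vr_at_least INSTALLED FIXED: true when INSTALLED sorts at or after FIXED.
# Assumption: GNU "sort -V" stands in for RPM's comparison; epoch is ignored.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# libgcrypt_status VR: prints "fixed" or "vulnerable" for one version-release.
libgcrypt_status() {
    if vr_at_least "$1" "$FIXED_VR"; then echo fixed; else echo vulnerable; fi
}

# stale_libgcrypt_pids [PROCROOT]: PIDs that still map a libgcrypt file that
# was replaced on disk, i.e. processes not restarted since the update.
stale_libgcrypt_pids() {
    for maps in "${1:-/proc}"/[0-9]*/maps; do
        if grep -q 'libgcrypt\.so.* (deleted)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# check_host: report package state and stale processes on this machine.
check_host() {
    if ! vrs=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' libgcrypt 2>/dev/null); then
        echo "libgcrypt: not installed (or rpm unavailable)"
        return 0
    fi
    for vr in $vrs; do
        echo "libgcrypt $vr: $(libgcrypt_status "$vr")"
    done
    for pid in $(stale_libgcrypt_pids); do
        echo "pid $pid still maps the pre-update libgcrypt; restart it"
    done
}

# Run the host check only when asked, e.g.: sh check.sh check
if [ "${1:-}" = "check" ]; then check_host; fi
```

Run it as root so that the maps files of other users' processes are readable.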

New Packages:
aarch64:
    libgcrypt-debuginfo-1.10.2-1.amzn2023.0.3.aarch64
    libgcrypt-debugsource-1.10.2-1.amzn2023.0.3.aarch64
    libgcrypt-devel-debuginfo-1.10.2-1.amzn2023.0.3.aarch64
    libgcrypt-1.10.2-1.amzn2023.0.3.aarch64
    libgcrypt-devel-1.10.2-1.amzn2023.0.3.aarch64

src:
    libgcrypt-1.10.2-1.amzn2023.0.3.src

x86_64:
    libgcrypt-debuginfo-1.10.2-1.amzn2023.0.3.x86_64
    libgcrypt-1.10.2-1.amzn2023.0.3.x86_64
    libgcrypt-debugsource-1.10.2-1.amzn2023.0.3.x86_64
    libgcrypt-devel-debuginfo-1.10.2-1.amzn2023.0.3.x86_64
    libgcrypt-devel-1.10.2-1.amzn2023.0.3.x86_64