Amazon Linux 2023 Security Advisory: ALAS2023-2026-1791
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
Severity:
Medium
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
An unsoundness issue (RUSTSEC-2026-0097) was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng() or rand::thread_rng() during reseeding, resulting in undefined behavior.
Affected Packages:
device-mapper-persistent-data
Issue Correction:
Run dnf update device-mapper-persistent-data --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1791 --releasever 2023.12.20260608 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
device-mapper-persistent-data-debuginfo-0.9.0-7.amzn2023.0.4.aarch64
device-mapper-persistent-data-0.9.0-7.amzn2023.0.4.aarch64
device-mapper-persistent-data-debugsource-0.9.0-7.amzn2023.0.4.aarch64
src:
device-mapper-persistent-data-0.9.0-7.amzn2023.0.4.src
x86_64:
device-mapper-persistent-data-debuginfo-0.9.0-7.amzn2023.0.4.x86_64
device-mapper-persistent-data-0.9.0-7.amzn2023.0.4.x86_64
device-mapper-persistent-data-debugsource-0.9.0-7.amzn2023.0.4.x86_64